Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen

cosinus · 08.04.2011, 14:57

Ja bitte wvcheck machen.

torock · 08.04.2011, 15:04

hier die logs von wvcheck:

Windows Validation Check
Version: 1.9.11.5
Log Created On: 1559_08-04-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-04-08 08:06:17
Last Success Time for Update Download: 2011-04-08 13:52:11
Last Success Time for Update Installation: 2011-04-08 10:41:23

WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------

WVCheck's File Dump
-----------------------
WVCheck found no known bad files.

WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.

WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 56785fd5236d7b22cf471a6da9db46d8

-------- End of File, program close at 1559_08-04-2011 --------

cosinus · 08.04.2011, 15:12

Das sieht freundlicher aus.
Probier bitte jetzt CF nochmal aus - cofi.exe neu runterladen!!

torock · 08.04.2011, 15:34

shit! hab cf neu runter geladen und als das programm dateien löschen wollte ist der computer wiedermal abgestürzt.

torock · 08.04.2011, 17:01

hab hier was von combofix:

ComboFix 11-04-07.08 - Administrator 08.04.2011 17:41:00.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.3326.2798 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

---- Vorheriger Suchlauf -------

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\1.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\a.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\b.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\c.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\d.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\e.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\f.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\g.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\h.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\i.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\J.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\k.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\l.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\m.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\mru.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\n.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\o.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\p.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\q.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\r.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\s.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\t.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\u.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\v.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\w.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\x.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\y.xml
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong\Data\z.xml
C:\Dokumente und Einstellungen\Administrator\Desktop\Internet Explorer.lnk
C:\WINDOWS\user32.dll

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTD.SYS

((((((((((((((((((((((( Dateien erstellt von 2011-03-08 bis 2011-04-08 ))))))))))))))))))))))))))))))

2011-04-08 14:02:58 . 2011-04-08 15:36:50 578560 ----a-w- C:\WINDOWS\system32\user32.dll
2011-04-08 11:02:40 . 2011-04-08 11:02:40 580096 ----a-w- C:\user32.dll
2011-04-08 08:07:22 . 2011-04-08 08:07:22 -------- d-----w- C:\Programme\MSXML 4.0
2011-04-07 23:15:44 . 2011-04-07 23:15:45 -------- d-----w- C:\Programme\Windows Media Connect 2
2011-04-07 07:04:09 . 2011-04-07 07:04:09 -------- d-----w- C:\WINDOWS\system32\CatRoot_bak
2011-04-04 20:55:33 . 2011-04-04 20:55:33 -------- d-----w- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
2011-04-04 20:55:21 . 2011-04-04 20:55:40 -------- d-----w- C:\Programme\SUPERAntiSpyware
2011-04-04 20:50:13 . 2011-04-04 20:50:13 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2011-04-04 20:03:14 . 2011-04-04 20:07:32 -------- d-----w- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Online Solutions
2011-04-03 18:01:10 . 2011-02-23 13:56:55 371544 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-04-03 16:36:11 . 2011-04-03 16:36:11 -------- d-----w- C:\_OTL
2011-04-02 15:12:46 . 2010-12-20 16:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-04-02 15:12:43 . 2011-04-02 15:13:36 -------- d-----w- C:\Programme\Malwarebytes' Anti-Malware
2011-04-02 15:12:43 . 2010-12-20 16:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-03-31 15:47:56 . 2011-03-31 15:47:56 -------- d-----w- C:\Programme\Enigma Software Group
2011-03-31 15:47:29 . 2011-03-31 16:53:51 -------- d-----w- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-03-30 16:58:11 . 2011-03-30 16:58:11 -------- d-----w- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-03-30 16:58:03 . 2011-03-30 16:58:03 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-03-24 22:01:53 . 2011-03-24 22:01:55 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jagd Simulator 2011
2011-03-24 18:29:59 . 2011-03-24 18:29:46 65536 ----a-w- C:\WINDOWS\TADSUINS.EXE

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-23 14:04:21 . 2010-07-22 20:56:47 40648 ----a-w- C:\WINDOWS\avastSS.scr
2011-02-23 14:04:17 . 2010-07-22 20:56:47 190016 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-02-23 13:56:45 . 2010-07-22 20:57:11 301528 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-23 13:55:49 . 2010-07-22 20:57:09 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-23 13:55:47 . 2010-07-22 20:57:08 102232 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-23 13:55:44 . 2010-07-22 20:57:08 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-23 13:55:10 . 2010-07-22 20:57:10 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-23 13:54:57 . 2010-07-22 20:57:06 30680 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-23 13:54:55 . 2010-07-22 20:57:11 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-02-02 20:40:23 . 2010-10-07 22:00:16 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-02-02 18:19:39 . 2009-07-12 18:46:56 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-01-14 19:36:05 . 2011-01-14 19:36:05 81408 ----a-w- C:\WINDOWS\system32\drivers\SSHDRV86.sys

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04:11 122512 ----a-w- e:\Programme\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Programme\Free Download Manager\fdm.exe" [2009-05-23 20:43:48 3444783]
"BitTorrent DNA"="C:\Programme\DNA\btdna.exe" [2009-11-13 09:50:18 323392]
"Steam"="C:\Programme\Steam\Steam.exe" [2010-11-18 17:34:59 1242448]
"AutoStartNPSAgent"="C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-09-17 21:19:56 102400]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 22:24:21 2423752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 06:29:34 1657376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-06-10 06:28:50 13758464]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-10-02 15:08:19 198160]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-06-19 08:53:28 570664]
"NBKeyScan"="C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-06-08 08:31:04 2221352]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 03:47:04 35760]
"Adobe ARM"="C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 22:07:44 932288]
"SweetIM"="C:\Programme\SweetIM\Messenger\SweetIM.exe" [2010-12-20 16:15:28 111928]
"SunJavaUpdateSched"="C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 04:03:58 221184]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-08-09 04:03:38 81920]
"Malwarebytes' Anti-Malware"="C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 16:08:56 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-06-01 19:06:00 15360]

C:\Dokumente und Einstellungen\Administrator\Startmen\Programme\Autostart\
PMB Medien-Prfung.lnk - C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-11 333088]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Belkin Dienstprogramm fr kabellose Netzwerke.lnk - C:\Programme\Belkin\F5D8053\v6\BelkinWCUI.exe [2010-7-5 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programme\\Opera\\opera.exe"=
"C:\\Programme\\DNA\\btdna.exe"=
"C:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Programme\\devolo\\informer\\devinf.exe"=
"C:\\Programme\\Free Download Manager\\fdm.exe"=
"C:\\Programme\\Codemasters\\DiRT2\\dirt2_game.exe"=
"C:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Programme\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"C:\\Programme\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"C:\\Programme\\Landwirtschafts Simulator 2011\\game.exe"=
"C:\\Programme\\ICQ7.2\\ICQ.exe"=
"C:\\Programme\\ICQ7.2\\aolload.exe"=
"E:\\Programme\\Call of Duty Black Ops\\BlackOps.exe"=
"E:\\Programme\\TmUnitedForever\\TmForever.exe"=
"C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"E:\\Programme\\Ubisoft\\DIE SIEDLER - Aufstieg eines Königreichs\\base\\bin\\Settlers6.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [28.08.2009 12:29:14 691696]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [03.04.2011 20:01:10 371544]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [22.07.2010 22:57:11 301528]
R1 SASDIFSV;SASDIFSV;C:\Programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25:48 12872]
R1 SASKUTIL;SASKUTIL;C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41:30 67656]
R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\ACEDRV11.sys [24.02.2010 12:22:10 185472]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [22.07.2010 22:57:11 19544]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [17.09.2010 23:02:08 233472]
R2 ICQ Service;ICQ Service;C:\Programme\ICQ6Toolbar\ICQ Service.exe [12.07.2009 19:26:58 247096]
R2 MBAMService;MBAMService;C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [02.04.2011 17:12:46 363344]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\WINDOWS\system32\drivers\npf_devolo.sys [13.07.2009 17:57:04 35840]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [17.09.2010 23:02:08 36608]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [02.04.2011 17:12:43 20952]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys --> C:\WINDOWS\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys --> C:\WINDOWS\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Programme\Google\Update\GoogleUpdate.exe [04.02.2011 23:45:08 136176]
S3 esgiguard;esgiguard;\??\C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys --> C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PLCMPR5.SYS --> C:\WINDOWS\system32\PLCMPR5.SYS [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8192su.sys --> C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [17.09.2010 23:02:29 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [17.09.2010 23:02:29 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [17.09.2010 23:02:29 121856]
S3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys --> C:\WINDOWS\system32\drivers\TfNetMon.sys [?]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

Inhalt des "geplante Tasks" Ordners

2011-04-08 C:\WINDOWS\Tasks\1-Klick-Wartung.job
- C:\Programme\TuneUp Utilities 2008\OneClick.exe [2007-12-14 11:17:08 . 2007-12-14 11:17:08]

2011-04-08 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Programme\Google\Update\GoogleUpdate.exe [2011-02-04 21:45:08 . 2011-02-04 21:44:41]

2011-04-08 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Programme\Google\Update\GoogleUpdate.exe [2011-02-04 21:45:08 . 2011-02-04 21:44:41]

------- Zusätzlicher Suchlauf -------

uStart Page = hxxp://www.google.com/
mStart Page =
mWindow Title = Microsoft Internet Explorer
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
IE: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe
FF - ProfilePath - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jsomkbr7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.freenet.de/index.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\Programme\Mozilla Firefox 4.0 Beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programme\real\realplayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.homepage.dontask - true

- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-08 17:49:02
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

vielleicht hilft dir das weiter.

cosinus · 08.04.2011, 17:55

Anscheinend hats die richtige user32.dll gerichtet.
Mach bitte neue Logs mit den schon eingesetzten Tools:

- Kaspersky TDSS-Killer
- GMER
- OSAM
- MBRCheck

Da sich die Situation am Rechner jetzt grundlegend geändert hat. Schließlich muss man davon ausgehen, dass ständig eine essentielle Systemdatei schädlich verändert war.

torock · 08.04.2011, 18:14

hier das von kaspersky:

2011/04/08 19:12:05.0953 0488 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/08 19:12:06.0281 0488 ================================================================================
2011/04/08 19:12:06.0281 0488 SystemInfo:
2011/04/08 19:12:06.0281 0488
2011/04/08 19:12:06.0281 0488 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/08 19:12:06.0281 0488 Product type: Workstation
2011/04/08 19:12:06.0281 0488 ComputerName: RON
2011/04/08 19:12:06.0281 0488 UserName: Administrator
2011/04/08 19:12:06.0281 0488 Windows directory: C:\WINDOWS
2011/04/08 19:12:06.0281 0488 System windows directory: C:\WINDOWS
2011/04/08 19:12:06.0281 0488 Processor architecture: Intel x86
2011/04/08 19:12:06.0281 0488 Number of processors: 2
2011/04/08 19:12:06.0281 0488 Page size: 0x1000
2011/04/08 19:12:06.0281 0488 Boot type: Normal boot
2011/04/08 19:12:06.0281 0488 ================================================================================
2011/04/08 19:12:06.0453 0488 Initialize success
2011/04/08 19:12:24.0453 2424 ================================================================================
2011/04/08 19:12:24.0453 2424 Scan started
2011/04/08 19:12:24.0453 2424 Mode: Manual;
2011/04/08 19:12:24.0453 2424 ================================================================================
2011/04/08 19:12:24.0703 2424 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/08 19:12:24.0828 2424 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
2011/04/08 19:12:24.0875 2424 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/08 19:12:24.0906 2424 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/08 19:12:24.0984 2424 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/04/08 19:12:25.0046 2424 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/08 19:12:25.0093 2424 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/04/08 19:12:25.0218 2424 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/04/08 19:12:25.0250 2424 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/08 19:12:25.0375 2424 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/08 19:12:25.0390 2424 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/08 19:12:25.0421 2424 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/08 19:12:25.0453 2424 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/04/08 19:12:25.0468 2424 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/08 19:12:25.0500 2424 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/08 19:12:25.0531 2424 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/08 19:12:25.0562 2424 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/08 19:12:25.0625 2424 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/04/08 19:12:25.0640 2424 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/08 19:12:25.0671 2424 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/08 19:12:25.0687 2424 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/08 19:12:25.0718 2424 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/08 19:12:25.0734 2424 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/08 19:12:25.0781 2424 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/08 19:12:25.0828 2424 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/08 19:12:25.0875 2424 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/08 19:12:25.0921 2424 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/08 19:12:26.0062 2424 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/08 19:12:26.0125 2424 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/08 19:12:26.0140 2424 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/08 19:12:26.0156 2424 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/08 19:12:26.0203 2424 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/08 19:12:26.0234 2424 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/08 19:12:26.0281 2424 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/04/08 19:12:26.0359 2424 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/08 19:12:26.0375 2424 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/08 19:12:26.0390 2424 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/08 19:12:26.0406 2424 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/08 19:12:26.0453 2424 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/08 19:12:26.0500 2424 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/04/08 19:12:26.0515 2424 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/08 19:12:26.0531 2424 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/08 19:12:26.0578 2424 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/08 19:12:26.0625 2424 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/08 19:12:26.0656 2424 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/08 19:12:26.0703 2424 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/08 19:12:26.0781 2424 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/08 19:12:26.0812 2424 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/08 19:12:26.0953 2424 IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/08 19:12:27.0031 2424 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/08 19:12:27.0062 2424 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/08 19:12:27.0109 2424 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/08 19:12:27.0109 2424 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/08 19:12:27.0140 2424 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/08 19:12:27.0187 2424 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/08 19:12:27.0234 2424 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/08 19:12:27.0265 2424 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/08 19:12:27.0312 2424 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/08 19:12:27.0359 2424 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/08 19:12:27.0406 2424 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/08 19:12:27.0437 2424 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/08 19:12:27.0500 2424 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/04/08 19:12:27.0531 2424 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/04/08 19:12:27.0562 2424 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/08 19:12:27.0609 2424 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/08 19:12:27.0640 2424 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/08 19:12:27.0656 2424 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/08 19:12:27.0687 2424 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/08 19:12:27.0703 2424 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/08 19:12:27.0750 2424 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/08 19:12:27.0765 2424 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/08 19:12:27.0812 2424 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/08 19:12:27.0828 2424 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/08 19:12:27.0843 2424 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/08 19:12:27.0875 2424 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/08 19:12:27.0890 2424 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/08 19:12:27.0921 2424 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/08 19:12:27.0937 2424 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/08 19:12:27.0984 2424 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/08 19:12:28.0000 2424 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/08 19:12:28.0015 2424 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/08 19:12:28.0031 2424 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/08 19:12:28.0062 2424 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/08 19:12:28.0125 2424 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/08 19:12:28.0156 2424 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/08 19:12:28.0203 2424 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys
2011/04/08 19:12:28.0218 2424 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/08 19:12:28.0343 2424 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/08 19:12:28.0609 2424 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/08 19:12:28.0687 2424 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/08 19:12:28.0687 2424 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/08 19:12:28.0734 2424 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/08 19:12:28.0765 2424 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/08 19:12:28.0781 2424 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/08 19:12:28.0812 2424 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/08 19:12:28.0843 2424 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/04/08 19:12:28.0890 2424 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/08 19:12:28.0953 2424 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/08 19:12:28.0984 2424 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/08 19:12:29.0125 2424 PnkBstrK (3a6f6d4e8caae0497a511d493e3b6fa9) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/04/08 19:12:29.0171 2424 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/08 19:12:29.0187 2424 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/08 19:12:29.0203 2424 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/08 19:12:29.0250 2424 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/08 19:12:29.0328 2424 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/08 19:12:29.0343 2424 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/08 19:12:29.0359 2424 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/08 19:12:29.0375 2424 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/08 19:12:29.0406 2424 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/08 19:12:29.0406 2424 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/08 19:12:29.0453 2424 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/08 19:12:29.0468 2424 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/08 19:12:29.0500 2424 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/08 19:12:29.0578 2424 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/04/08 19:12:29.0656 2424 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/08 19:12:29.0671 2424 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/08 19:12:29.0828 2424 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/08 19:12:29.0890 2424 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/08 19:12:29.0937 2424 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/04/08 19:12:29.0953 2424 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/04/08 19:12:29.0968 2424 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/08 19:12:29.0984 2424 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/04/08 19:12:30.0015 2424 SI3132 (7d494c2000287595d87b9ff6b080d3ff) C:\WINDOWS\system32\DRIVERS\SI3132.sys
2011/04/08 19:12:30.0031 2424 SiFilter (df978385397187ba5e5e1c9c56a80a1a) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/04/08 19:12:30.0078 2424 SiRemFil (aaab072321d75a366269a6d089f3d71e) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2011/04/08 19:12:30.0109 2424 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/08 19:12:30.0156 2424 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/08 19:12:30.0156 2424 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 19:12:30.0156 2424 sptd - detected Locked file (1)
2011/04/08 19:12:30.0187 2424 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/08 19:12:30.0265 2424 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/08 19:12:30.0296 2424 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/04/08 19:12:30.0328 2424 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/04/08 19:12:30.0343 2424 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/04/08 19:12:30.0390 2424 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2011/04/08 19:12:30.0406 2424 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2011/04/08 19:12:30.0437 2424 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2011/04/08 19:12:30.0484 2424 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/04/08 19:12:30.0531 2424 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/08 19:12:30.0625 2424 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/08 19:12:30.0718 2424 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/08 19:12:30.0750 2424 Tcpip (583e063fdc888ca30d05c2724b0d7ef4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/08 19:12:30.0781 2424 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/08 19:12:30.0796 2424 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/08 19:12:30.0843 2424 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/08 19:12:30.0953 2424 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/08 19:12:31.0015 2424 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/08 19:12:31.0062 2424 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/08 19:12:31.0093 2424 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/08 19:12:31.0125 2424 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/08 19:12:31.0156 2424 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/08 19:12:31.0171 2424 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/08 19:12:31.0203 2424 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/08 19:12:31.0250 2424 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/08 19:12:31.0265 2424 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/08 19:12:31.0312 2424 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/08 19:12:31.0375 2424 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/08 19:12:31.0406 2424 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/08 19:12:31.0437 2424 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/08 19:12:31.0546 2424 ================================================================================
2011/04/08 19:12:31.0546 2424 Scan finished
2011/04/08 19:12:31.0546 2424 ================================================================================
2011/04/08 19:12:31.0546 1120 Detected object count: 1
2011/04/08 19:12:34.0375 1120 Locked file(sptd) - User select action: Skip
2011/04/08 19:12:59.0000 1812 ================================================================================
2011/04/08 19:12:59.0000 1812 Scan started
2011/04/08 19:12:59.0000 1812 Mode: Manual;
2011/04/08 19:12:59.0000 1812 ================================================================================
2011/04/08 19:12:59.0140 1812 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/08 19:12:59.0234 1812 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
2011/04/08 19:12:59.0265 1812 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/08 19:12:59.0296 1812 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/08 19:12:59.0375 1812 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/04/08 19:12:59.0421 1812 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/08 19:12:59.0468 1812 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/04/08 19:12:59.0609 1812 AnyDVD (1460bd4fabe0e99f61eda67ea0d16d07) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/04/08 19:12:59.0640 1812 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/08 19:12:59.0750 1812 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/08 19:12:59.0796 1812 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/08 19:12:59.0812 1812 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/08 19:12:59.0843 1812 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/04/08 19:12:59.0875 1812 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/08 19:12:59.0906 1812 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/08 19:12:59.0921 1812 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/08 19:12:59.0968 1812 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/08 19:13:00.0031 1812 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/04/08 19:13:00.0062 1812 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/08 19:13:00.0093 1812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/08 19:13:00.0125 1812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/08 19:13:00.0171 1812 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/08 19:13:00.0171 1812 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/08 19:13:00.0281 1812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/08 19:13:00.0328 1812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/08 19:13:00.0375 1812 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/08 19:13:00.0421 1812 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/08 19:13:00.0562 1812 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/08 19:13:00.0625 1812 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/08 19:13:00.0656 1812 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/08 19:13:00.0703 1812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/08 19:13:00.0765 1812 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/08 19:13:00.0812 1812 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/08 19:13:00.0843 1812 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/04/08 19:13:00.0953 1812 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/08 19:13:00.0968 1812 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/08 19:13:00.0984 1812 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/08 19:13:01.0015 1812 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/08 19:13:01.0062 1812 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/08 19:13:01.0093 1812 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/04/08 19:13:01.0125 1812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/08 19:13:01.0125 1812 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/08 19:13:01.0156 1812 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/08 19:13:01.0187 1812 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/08 19:13:01.0218 1812 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/08 19:13:01.0281 1812 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/08 19:13:01.0359 1812 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/08 19:13:01.0390 1812 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/08 19:13:01.0531 1812 IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/08 19:13:01.0578 1812 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/08 19:13:01.0625 1812 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/08 19:13:01.0671 1812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/08 19:13:01.0687 1812 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/08 19:13:01.0718 1812 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/08 19:13:01.0750 1812 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/08 19:13:01.0796 1812 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/08 19:13:01.0828 1812 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/08 19:13:01.0875 1812 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/08 19:13:01.0921 1812 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/08 19:13:01.0953 1812 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/08 19:13:02.0000 1812 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/08 19:13:02.0078 1812 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/04/08 19:13:02.0140 1812 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2011/04/08 19:13:02.0156 1812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/08 19:13:02.0187 1812 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/08 19:13:02.0234 1812 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/08 19:13:02.0250 1812 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/08 19:13:02.0265 1812 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/08 19:13:02.0296 1812 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/08 19:13:02.0343 1812 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/08 19:13:02.0359 1812 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/08 19:13:02.0406 1812 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/08 19:13:02.0421 1812 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/08 19:13:02.0437 1812 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/08 19:13:02.0468 1812 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/08 19:13:02.0484 1812 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/08 19:13:02.0515 1812 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/08 19:13:02.0531 1812 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/08 19:13:02.0578 1812 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/08 19:13:02.0593 1812 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/08 19:13:02.0609 1812 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/08 19:13:02.0625 1812 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/08 19:13:02.0640 1812 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/08 19:13:02.0703 1812 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/08 19:13:02.0718 1812 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/08 19:13:02.0765 1812 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys
2011/04/08 19:13:02.0796 1812 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/08 19:13:02.0828 1812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/08 19:13:03.0000 1812 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/08 19:13:03.0078 1812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/08 19:13:03.0078 1812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/08 19:13:03.0125 1812 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/08 19:13:03.0187 1812 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/08 19:13:03.0203 1812 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/08 19:13:03.0234 1812 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/08 19:13:03.0281 1812 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/04/08 19:13:03.0296 1812 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/08 19:13:03.0328 1812 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/08 19:13:03.0375 1812 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/08 19:13:03.0531 1812 PnkBstrK (3a6f6d4e8caae0497a511d493e3b6fa9) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/04/08 19:13:03.0562 1812 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/08 19:13:03.0578 1812 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/08 19:13:03.0609 1812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/08 19:13:03.0656 1812 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/08 19:13:03.0750 1812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/08 19:13:03.0765 1812 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/08 19:13:03.0781 1812 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/08 19:13:03.0796 1812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/08 19:13:03.0828 1812 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/08 19:13:03.0843 1812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/08 19:13:03.0875 1812 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/08 19:13:03.0906 1812 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/08 19:13:03.0953 1812 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/08 19:13:04.0015 1812 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/04/08 19:13:04.0078 1812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/08 19:13:04.0093 1812 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/08 19:13:04.0156 1812 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/08 19:13:04.0203 1812 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/08 19:13:04.0250 1812 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/04/08 19:13:04.0265 1812 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/04/08 19:13:04.0281 1812 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/08 19:13:04.0296 1812 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
2011/04/08 19:13:04.0343 1812 SI3132 (7d494c2000287595d87b9ff6b080d3ff) C:\WINDOWS\system32\DRIVERS\SI3132.sys
2011/04/08 19:13:04.0359 1812 SiFilter (df978385397187ba5e5e1c9c56a80a1a) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
2011/04/08 19:13:04.0390 1812 SiRemFil (aaab072321d75a366269a6d089f3d71e) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
2011/04/08 19:13:04.0468 1812 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/08 19:13:04.0500 1812 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/08 19:13:04.0500 1812 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 19:13:04.0515 1812 sptd - detected Locked file (1)
2011/04/08 19:13:04.0578 1812 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/08 19:13:04.0625 1812 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/08 19:13:04.0656 1812 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/04/08 19:13:04.0687 1812 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/04/08 19:13:04.0718 1812 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/04/08 19:13:04.0750 1812 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2011/04/08 19:13:04.0781 1812 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2011/04/08 19:13:04.0796 1812 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2011/04/08 19:13:04.0859 1812 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/04/08 19:13:04.0906 1812 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/08 19:13:04.0953 1812 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/08 19:13:05.0031 1812 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/08 19:13:05.0062 1812 Tcpip (583e063fdc888ca30d05c2724b0d7ef4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/08 19:13:05.0109 1812 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/08 19:13:05.0125 1812 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/08 19:13:05.0156 1812 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/08 19:13:05.0296 1812 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/08 19:13:05.0343 1812 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/08 19:13:05.0390 1812 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/08 19:13:05.0421 1812 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/08 19:13:05.0453 1812 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/08 19:13:05.0468 1812 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/08 19:13:05.0484 1812 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/08 19:13:05.0531 1812 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/08 19:13:05.0625 1812 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/08 19:13:05.0656 1812 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/08 19:13:05.0718 1812 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/08 19:13:05.0781 1812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/08 19:13:05.0843 1812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/08 19:13:05.0875 1812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/08 19:13:06.0000 1812 ================================================================================
2011/04/08 19:13:06.0000 1812 Scan finished
2011/04/08 19:13:06.0000 1812 ================================================================================
2011/04/08 19:13:06.0015 1952 Detected object count: 1
2011/04/08 19:13:11.0031 1952 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/08 19:13:11.0031 1952 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/08 19:13:11.0062 1952 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
2011/04/08 19:13:11.0062 1952 Locked file(sptd) - User select action: Quarantine

cosinus · 08.04.2011, 18:29

SPTD ist ok, die kannste drauf lassen!

torock · 09.04.2011, 19:26

hallo arne,
mach grad GMER check, der geht aber immernoch nur im abgesicherten modus.
hat das schon was zubedeuten?

cosinus · 09.04.2011, 20:46

Nein GMER bringt das System öfter zum Absturz. GMER untersucht auf einer sehr niedrigen Ebene, da ist das durchaus normal.

torock · 09.04.2011, 20:51

hi arne,

hier die logs von GMER im abgesicherten modus:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-09 21:44:15
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3250410AS rev.3.AAC
Running: 2vz9c3k8.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdrpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0xD7 0x9F 0x9C 0x88 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0xD7 0x9F 0x9C 0x88 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore@DisableSR   \t                        1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                    15
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                       10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                     yes
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                    
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                    90
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                      10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs                   1

---- EOF - GMER 1.0.15 ----

--- --- ---

mache jetzt noch osam und mbrcheck

torock · 09.04.2011, 21:22

und hier von mbrcheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\TUKERNEL.EXE
0x80720000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74E3000 spvy.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF749C000 ACPI.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7876000 pci.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF7857000 ftdisk.sys
0xF798B000 dmload.sys
0xF7831000 dmio.sys
0xF770F000 PartMgr.sys
0xF7637000 sfsync02.sys
0xF7647000 VolSnap.sys
0xF796F000 atapi.sys
0xF795E000 SI3132.sys
0xF7657000 disk.sys
0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB87E1000 fltMgr.sys
0xB87CF000 sr.sys
0xF789B000 SiWinAcc.sys
0xF7677000 PxHelp20.sys
0xB8718000 KSecDD.sys
0xB868B000 Ntfs.sys
0xB865E000 NDIS.sys
0xF798D000 SiRemFil.sys
0xF7717000 sfhlp02.sys
0xB864C000 sfdrv01.sys
0xB8631000 Mup.sys
0xF745C000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF743C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB79D0000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB79BC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB7997000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB797D000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF7787000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB795A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF778F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7797000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF742C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF779F000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xF741C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF740C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7937000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A84000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB7925000 \SystemRoot\system32\DRIVERS\bridge.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7887000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB85FD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB78E6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB87BF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB87AF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB7835000 \SystemRoot\system32\DRIVERS\psched.sys
0xB879F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7804000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB878F000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7995000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7780000 \SystemRoot\system32\DRIVERS\update.sys
0xB85F1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB876F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB51B0000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB518E000 \SystemRoot\system32\drivers\portcls.sys
0xF76C7000 \SystemRoot\system32\drivers\drmk.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB85B5000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF77FF000 \SystemRoot\System32\drivers\vga.sys
0xF79AD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7807000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF780F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF793B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5133000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB50DB000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF76F7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB5092000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF748C000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF747C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB4FCA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7727000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB4FA8000 \SystemRoot\System32\drivers\afd.sys
0xF746C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4F86000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
0xF7757000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
0xB4F5B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB4EEC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF744C000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4EA4000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB777C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB78D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB7778000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB4E46000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF777F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB77DC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB50C3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB78A6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB4DB6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79D9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB7919000 \SystemRoot\System32\drivers\Dxapi.sys
0xB77CC000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB818D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB4E26000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB4E22000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB77E4000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB4A60000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4839000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB4640000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB45EC000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xB45A9000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB4797000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xB4467000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4561000 \SystemRoot\system32\drivers\npf_devolo.sys
0xB4327000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB439F000 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
0xB3F7A000 \SystemRoot\system32\drivers\wdmaud.sys
0xB40FF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3DFC000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3C6C000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 SYSTEM
1000 C:\WINDOWS\system32\smss.exe
1080 csrss.exe
1108 C:\WINDOWS\system32\winlogon.exe
1164 C:\WINDOWS\system32\services.exe
1176 C:\WINDOWS\system32\lsass.exe
1340 C:\WINDOWS\system32\nvsvc32.exe
1368 C:\WINDOWS\system32\svchost.exe
1456 svchost.exe
1620 C:\WINDOWS\system32\svchost.exe
1784 svchost.exe
1860 svchost.exe
172 E:\Programme\Alwil Software\Avast5\AvastSvc.exe
988 C:\WINDOWS\system32\spoolsv.exe
1508 C:\WINDOWS\system32\FsUsbExService.Exe
1568 C:\Programme\ICQ6Toolbar\ICQ Service.exe
2004 C:\Programme\Java\jre6\bin\jqs.exe
196 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
440 C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
564 C:\WINDOWS\system32\oodag.exe
604 C:\WINDOWS\system32\IoctlSvc.exe
620 C:\WINDOWS\system32\PnkBstrA.exe
632 C:\WINDOWS\system32\PnkBstrB.exe
1836 C:\WINDOWS\system32\wuauclt.exe
2260 alg.exe
3256 C:\WINDOWS\system32\wbem\wmiapsrv.exe
3480 wmiprvse.exe
736 C:\WINDOWS\explorer.exe
748 C:\WINDOWS\system32\wscntfy.exe
3108 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
2448 C:\Programme\SweetIM\Messenger\SweetIM.exe
2464 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2736 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
2744 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
2808 C:\Programme\Free Download Manager\fdm.exe
2840 C:\Programme\DNA\btdna.exe
2848 C:\Programme\Steam\Steam.exe
2884 C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
2924 C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
2172 C:\Programme\Belkin\F5D8053\v6\Belkinwcui.exe
3648 C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
252 C:\WINDOWS\system32\wuauclt.exe
1440 C:\Programme\Mozilla Firefox\firefox.exe
2868 C:\WINDOWS\system32\msiexec.exe
1780 C:\Programme\Mozilla Firefox\plugin-container.exe
1604 C:\WINDOWS\system32\wbem\wmiadap.exe
2128 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3652 C:\WINDOWS\system32\dllhost.exe
3728 msdtc.exe
1748 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe
2140 C:\WINDOWS\SoftwareDistribution\Download\3e594b60493d692efce2887e5c682ac1\update\update.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)

PhysicalDrive0 Model Number: ST3250410AS, Rev: 3.AAC

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

torock · 09.04.2011, 21:38

und hier noch das log von osam:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:37:10 on 09.04.2011

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.2180

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClick.exe
"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys
"AEGIS Protocol (IEEE 802.1x) v3.4.5.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"esgiguard" (esgiguard) - ? - C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\WINDOWS\system32\drivers\npf_devolo.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PLCMPR5 NDIS Protocol Driver" (PLCMPR5) - ? - C:\WINDOWS\system32\PLCMPR5.SYS  (File not found)
"PnkBstrK" (PnkBstrK) - ? - C:\WINDOWS\system32\drivers\PnkBstrK.sys  (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter" (RTL8192su) - ? - C:\WINDOWS\System32\DRIVERS\RTL8192su.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\WINDOWS\System32\DRIVERS\secdrv.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"TfFsMon" (TfFsMon) - ? - C:\WINDOWS\System32\drivers\TfFsMon.sys  (File not found)
"TfNetMon" (TfNetMon) - ? - C:\WINDOWS\system32\drivers\TfNetMon.sys  (File not found)
"TfSysMon" (TfSysMon) - ? - C:\WINDOWS\System32\drivers\TfSysMon.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - e:\Programme\Alwil Software\Avast5\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{36D94110-787C-4828-9C1B-0DAFEBC36069} "EditPlus 3" - ? - C:\Programme\EditPlus 3\eppshell.dll  (File found, but it contains no detailed information)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{472734EA-242A-422B-ADF8-83D1E48CC825}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}" - ? -   (File not found | COM-object registry key not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "{EEE6C35D-6118-11DC-9C72-001320C79847}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{402EE96E-2CE8-482D-ADA5-CECEEA07E16D} "{402EE96E-2CE8-482D-ADA5-CECEEA07E16D}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.turntool.com/ViewerInstall.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
"PartyPoker.com" - ? - e:\Programme\PartyGaming\PartyPoker\RunApp.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - ? -   (File not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Belkin Dienstprogramm für kabellose Netzwerke.lnk" - "Belkin International, Inc." - C:\Programme\Belkin\F5D8053\v6\Belkinwcui.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
"PMB Medien-Prüfung.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
"BitTorrent DNA" - "BitTorrent, Inc." - "C:\Programme\DNA\btdna.exe"
"Free Download Manager" - "FreeDownloadManager.ORG" - C:\Programme\Free Download Manager\fdm.exe -autorun
"Steam" - "Valve Corporation" - "C:\Programme\Steam\Steam.exe" -silent
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - e:\Programme\Alwil Software\Avast5\AvastSvc.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\WINDOWS\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe
"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - ? - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe  (File not found)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 09.04.2011, 21:39

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

torock · 09.04.2011, 22:54

hier die logs von superantispyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/09/2011 at 11:52 PM

Application Version : 4.50.1002

Core Rules Database Version : 6797
Trace Rules Database Version: 4609

Scan type : Complete Scan
Total Scan Time : 01:03:02

Memory items scanned : 529
Memory threats detected : 0
Registry items scanned : 8535
Registry threats detected : 0
File items scanned : 113517
File threats detected : 0

08.04.2011, 14:57	#61
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Ja bitte wvcheck machen. __________________ Logfiles bitte immer in CODE-Tags posten

08.04.2011, 15:12	#63
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Das sieht freundlicher aus. Probier bitte jetzt CF nochmal aus - cofi.exe neu runterladen!! __________________ __________________

08.04.2011, 18:29	#68
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen SPTD ist ok, die kannste drauf lassen! __________________ Logfiles bitte immer in CODE-Tags posten

09.04.2011, 20:46	#70
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Nein GMER bringt das System öfter zum Absturz. GMER untersucht auf einer sehr niedrigen Ebene, da ist das durchaus normal. __________________ Logfiles bitte immer in CODE-Tags posten

09.04.2011, 21:39	#74
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen

Plagegeister aller Art und deren Bekämpfung: Malewarebytes löscht dateien nicht und andere webseite versucht zuzugreifen