Trojaner-Board - Virus, der alle Virenscans killt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Virus, der alle Virenscans killt (https://www.trojaner-board.de/101219-virus-alle-virenscans-killt.html)

Ich hoffe, es war deine Absicht, den Kerio-Ordner komplett zu löschen?

Combofix Logfile:

Code:

ComboFix 11-07-12.09 - User 12.07.2011  23:04:59.2.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1478 [GMT 2:00]

ausgeführt von:: h:\dokumente und einstellungen\User\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: h:\dokumente und einstellungen\User\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

FILE ::

"H:\avenger.exe"

"h:\windows\system32\drivers\fwdrv.sys"

"h:\windows\system32\drivers\SSHDRV82.sys"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

H:\avenger.exe

h:\programme\Kerio

h:\programme\Kerio\Personal Firewall 4\assist.exe

h:\programme\Kerio\Personal Firewall 4\cfgconv.exe

h:\programme\Kerio\Personal Firewall 4\ChangeLog.rtf

h:\programme\Kerio\Personal Firewall 4\Config\charts.dat

h:\programme\Kerio\Personal Firewall 4\Config\ids.cfg

h:\programme\Kerio\Personal Firewall 4\Config\kpf.cfg

h:\programme\Kerio\Personal Firewall 4\Config\kpf.cfg.bak

h:\programme\Kerio\Personal Firewall 4\Config\update.cfg

h:\programme\Kerio\Personal Firewall 4\DbgHelp\dbghelp.dll

h:\programme\Kerio\Personal Firewall 4\gkh.dll

h:\programme\Kerio\Personal Firewall 4\kfe.dll

h:\programme\Kerio\Personal Firewall 4\kpf4-cz.chm

h:\programme\Kerio\Personal Firewall 4\kpf4-de.chm

h:\programme\Kerio\Personal Firewall 4\kpf4-en.chm

h:\programme\Kerio\Personal Firewall 4\kpf4gui.exe

h:\programme\Kerio\Personal Firewall 4\kpf4ss.exe

h:\programme\Kerio\Personal Firewall 4\logs\debug.log

h:\programme\Kerio\Personal Firewall 4\logs\debug.log.idx

h:\programme\Kerio\Personal Firewall 4\logs\error.log

h:\programme\Kerio\Personal Firewall 4\logs\error.log.idx

h:\programme\Kerio\Personal Firewall 4\logs\ids.log

h:\programme\Kerio\Personal Firewall 4\logs\ids.log.idx

h:\programme\Kerio\Personal Firewall 4\logs\network.log

h:\programme\Kerio\Personal Firewall 4\logs\network.log.idx

h:\programme\Kerio\Personal Firewall 4\logs\system.log

h:\programme\Kerio\Personal Firewall 4\logs\system.log.idx

h:\programme\Kerio\Personal Firewall 4\logs\warning.log

h:\programme\Kerio\Personal Firewall 4\logs\warning.log.idx

h:\programme\Kerio\Personal Firewall 4\logs\web.log

h:\programme\Kerio\Personal Firewall 4\logs\web.log.idx

h:\programme\Kerio\Personal Firewall 4\server.dbk

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_cz.klf

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_de.klf

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_en.klf

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_fr.klf

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_hu.klf

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_it.klf

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_nl.klf

h:\programme\Kerio\Personal Firewall 4\Trans\Kpf4_pl.klf

h:\windows\assembly\GAC_MSIL\desktop.ini

h:\windows\system32\drivers\fwdrv.sys

h:\windows\system32\drivers\SSHDRV82.sys

J:\Autorun.inf

O:\Autorun.inf

P:\Autorun.inf

.

h:\windows\system32\drivers\SSHDRV82.sys . . . ist infiziert!! . . . Failed to find a valid replacement.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_FWDRV

-------\Legacy_SSHDRV82

-------\Service_fwdrv

-------\Service_SSHDRV82

-------\Legacy_KPF4

-------\Legacy_KPF4

-------\Service_KPF4

-------\Service_KPF4

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-12 bis 2011-07-12  ))))))))))))))))))))))))))))))

.

.

2011-07-13 06:34 . 2011-07-13 01:13        --------        d-----w-        H:\_OTL

2011-07-12 20:22 . 2008-04-13 18:40        62976        ----a-w-        h:\windows\system32\drivers\cdrom.sys

2011-07-12 15:35 . 2011-07-12 15:35        --------        d-----w-        h:\dokumente und einstellungen\User\Anwendungsdaten\Avira

2011-07-12 15:33 . 2011-06-17 10:35        61960        ----a-w-        h:\windows\system32\drivers\avgntflt.sys

2011-07-12 15:33 . 2011-06-17 10:35        137656        ----a-w-        h:\windows\system32\drivers\avipbb.sys

2011-07-12 15:33 . 2009-09-29 16:12        45416        ----a-w-        h:\windows\system32\drivers\avgntdd.sys

2011-07-12 15:33 . 2009-09-29 16:12        22360        ----a-w-        h:\windows\system32\drivers\avgntmgr.sys

2011-07-12 15:33 . 2011-07-12 15:33        --------        d-----w-        h:\programme\Avira

2011-07-12 15:33 . 2011-07-12 15:33        --------        d-----w-        h:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira

2011-07-12 06:44 . 2008-04-13 18:40        62976        -c--a-w-        h:\windows\system32\dllcache\cdrom.sys

2011-07-11 23:58 . 2011-05-29 07:11        39984        ----a-w-        h:\windows\system32\drivers\mbamswissarmy.sys

2011-07-11 23:58 . 2011-05-29 07:11        22712        ----a-w-        h:\windows\system32\drivers\mbam.sys

2011-07-08 19:54 . 2011-07-08 21:15        --------        d-----w-        h:\programme\Panda Security

2011-07-08 16:54 . 2011-07-08 16:54        --------        d--h--w-        h:\windows\PIF

2011-07-08 16:39 . 2011-07-11 23:58        --------        d-----w-        h:\programme\Malwarebytes' Anti-Malware

2011-07-08 15:18 . 2011-07-08 15:18        --------        d-----w-        h:\dokumente und einstellungen\User\Anwendungsdaten\Malwarebytes

2011-07-08 15:18 . 2011-07-08 15:18        --------        d-----w-        h:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2011-07-08 15:08 . 2011-07-08 15:11        --------        d-----w-        h:\dokumente und einstellungen\Administrator

2011-07-08 14:52 . 2011-07-08 14:52        --------        d-----w-        h:\dokumente und einstellungen\User\Anwendungsdaten\QuickScan

2011-07-08 14:10 . 2011-07-12 07:09        --------        d-----w-        h:\programme\TrojanHunter 5.3

2011-07-08 13:50 . 2011-07-08 13:50        --------        d-----w-        h:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\GreatBarcodeGenerator.com

2011-07-05 07:08 . 2011-07-05 07:08        11776        ----a-w-        h:\programme\Mozilla Firefox\plugins\nprjplug.dll

2011-07-05 07:08 . 2011-07-05 07:08        --------        d-----w-        h:\programme\Gemeinsame Dateien\xing shared

2011-07-05 07:07 . 2011-07-05 07:07        105472        ----a-w-        h:\programme\Mozilla Firefox\plugins\nprpjplug.dll

2011-06-23 22:10 . 2011-04-21 13:37        105472        -c----w-        h:\windows\system32\dllcache\mup.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-05 07:07 . 2008-04-01 19:35        348160        ----a-w-        h:\windows\system32\msvcr71.dll

2011-05-04 02:52 . 2010-04-28 06:10        472808        ----a-w-        h:\windows\system32\deployJava1.dll

2011-05-04 00:25 . 2008-01-26 10:31        73728        ----a-w-        h:\windows\system32\javacpl.cpl

2011-05-02 15:31 . 2008-01-05 12:02        692736        ----a-w-        h:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-08-04 12:00        151552        ----a-w-        h:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-10-28 01:14        456320        ----a-w-        h:\windows\system32\drivers\mrxsmb.sys

2011-04-28 08:42 . 2008-01-19 15:17        3835624        ----a-w-        h:\windows\system32\SpoonUninstall.exe

2011-04-21 13:37 . 2004-08-04 12:00        105472        ----a-w-        h:\windows\system32\drivers\mup.sys

2003-11-25 14:41 . 2003-11-25 14:41        1681920        -c--a-w-        h:\programme\InstantCopy.msi

2003-10-16 08:48 . 2003-10-16 08:48        1822520        ------w-        h:\programme\instmsiw.exe

2003-10-16 08:48 . 2003-10-16 08:48        1708856        ------w-        h:\programme\instmsi.exe

2003-10-16 08:48 . 2003-10-16 08:48        50176        ------w-        h:\programme\InstantCopy.exe

2011-06-16 04:32 . 2011-07-09 09:06        142296        ----a-w-        h:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2007-09-16 8491008]

"HP Software Update"="h:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"QuickTime Task"="h:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="h:\programme\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Adobe Reader Speed Launcher"="h:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="h:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="h:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]

"TkBellExe"="h:\programme\real\realplayer\update\realsched.exe" [2011-07-05 273544]

"avgnt"="h:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"z:\\Dragon Age\\bin_ship\\daorigins.exe"=

"z:\\Dragon Age\\DAOriginsLauncher.exe"=

"h:\dokumente und einstellungen\User\Anwendungsdaten\Facebook\facebook.exe"= h:\dokumente und einstellungen\User\Anwendungsdaten\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook

"z:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"h:\\Programme\\Steam\\Steam.exe"=

"h:\\Programme\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"h:\\Programme\\Bonjour\\mDNSResponder.exe"=

"h:\\Programme\\iTunes\\iTunes.exe"=

.

R0 DiskSec;Magix Volume Filter Driver;h:\windows\system32\drivers\disksec.sys [22.12.2010 12:28 14208]

R2 AntiVirSchedulerService;Avira AntiVir Planer;h:\programme\Avira\AntiVir Desktop\sched.exe [12.07.2011 17:33 136360]

R2 FreeAgentGoNext Service;Seagate Service;z:\sync\FreeAgentService.exe [25.09.2009 23:32 189736]

R3 RRNetCapMP;RRNetCapMP;h:\windows\system32\drivers\rrnetcap.sys [01.04.2011 10:22 31848]

R3 SndTAudio;SndTAudio;h:\windows\system32\drivers\SndTAudio.sys [09.11.2009 20:15 23096]

R3 SndTVideo;SndTVideo;h:\windows\system32\drivers\SndTVideo.sys [09.11.2009 20:15 3768]

S2 gupdate1c9cdab2a076840;Google Update Service (gupdate1c9cdab2a076840);h:\programme\Google\Update\GoogleUpdate.exe [05.05.2009 19:58 133104]

S3 1199536707;Virtual Bus for Microsoft ACPI-Compliant System; [x]

S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;z:\dragon age\bin_ship\daupdatersvc.service.exe [15.12.2009 22:07 25832]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\programme\MAGIX\Common\Database\bin\fbserver.exe [30.06.2008 19:27 1527900]

S3 gupdatem;Google Update-Dienst (gupdatem);h:\programme\Google\Update\GoogleUpdate.exe [05.05.2009 19:58 133104]

S3 HTCAND32;HTC Device Driver;h:\windows\system32\drivers\ANDROIDUSB.sys [12.06.2010 00:44 24576]

S3 MBAMSwissArmy;MBAMSwissArmy;h:\windows\system32\drivers\mbamswissarmy.sys [12.07.2011 01:58 39984]

S3 RRNetCap;RRNetCap Service;h:\windows\system32\drivers\rrnetcap.sys [01.04.2011 10:22 31848]

S3 SMServer;SMServer;h:\windows\system32\snmvtsvc.exe [09.11.2009 22:17 110592]

S3 UPnPService;UPnPService;h:\programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe [30.06.2008 19:28 544768]

S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [03.11.2009 13:00 691696]

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-12 h:\windows\Tasks\AppleSoftwareUpdate.job

- h:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-07-12 h:\windows\Tasks\Google Software Updater.job

- h:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-05 17:56]

.

2011-07-12 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- h:\programme\Google\Update\GoogleUpdate.exe [2009-05-05 17:58]

.

2011-07-12 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- h:\programme\Google\Update\GoogleUpdate.exe [2009-05-05 17:58]

.

2011-07-10 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1614895754-839522115-1004Core.job

- h:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-07-08 09:03]

.

2011-07-12 h:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1614895754-839522115-1004UA.job

- h:\dokumente und einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-07-08 09:03]

.

2011-07-12 h:\windows\Tasks\PCCT - MAGIX AG.job

- h:\programme\MAGIX\PC_Check_Tuning_2010_Download-Version\MxTray.exe [2010-12-22 08:13]

.

2011-07-12 h:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1614895754-839522115-1004.job

- h:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

2011-07-12 h:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1614895754-839522115-1004.job

- h:\programme\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.msn.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to Mp3 Converter - h:\dokumente und einstellungen\User\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft &Excel exportieren - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Save YouTube Video - h:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm

IE: Save YouTube Video as MP3 - h:\programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - h:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\ch6nvy61.default\

FF - prefs.js: browser.startup.homepage - www.google.de

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-07-12 23:12

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

.

h:\windows\$NtUninstallKB48765$:SummaryInformation 0 bytes hidden from API

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 1

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32*]

"Class"=hex:45,fe,6b,d8,22,e6,cc,1a,c8,eb,a0,d6,f1,de,f7,8a,0d,ea,bf,e5,ce,13,

   16,01,b4,01,cd,5d,ef,8b,f8,28,b4,01,6f,b3,64,87,9a,1b,17,c7,a2,f3,9b,ab,ef,\

"ThreadingModel"="Apartment"

@="h:\\WINDOWS\\system32\\OLE32.DLL"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32*]

"Class"=hex:f6,88,3f,03,a4,0b,ec,35,87,ed,d5,e5,2b,32,24,55,32,c9,1b,6e,dc,72,

   b2,8c,1c,dc,90,da,ce,1f,53,ff,35,81,28,e5,91,2b,fe,97,11,5e,dd,5f,8b,79,35,\

"ThreadingModel"="Apartment"

@="h:\\WINDOWS\\system32\\OLE32.DLL"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32*]

"Class"=hex:e4,de,d5,e6,31,14,b8,31,18,f6,7c,91,8c,6d,3d,73,1f,0a,53,26,04,96,

   d0,04,fc,5d,12,4c,23,53,cd,9f,df,96,b7,6a,8a,f6,4d,77,d3,f1,16,1d,de,39,2d,\

"ThreadingModel"="Apartment"

@="h:\\WINDOWS\\system32\\OLE32.DLL"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32*]

"Class"=hex:e0,f3,f4,85,8b,31,3c,f9,00,d6,5b,c5,14,ce,55,89,bd,2f,26,d5,3b,80,

   90,37,03,f7,64,c6,47,cb,5e,b4,1c,85,28,bb,58,f0,16,d0,b0,5f,5c,41,6a,17,a4,\

"ThreadingModel"="Apartment"

@="h:\\WINDOWS\\system32\\OLE32.DLL"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32*]

"Class"=hex:50,30,76,f1,17,eb,2b,80,88,08,36,3f,15,01,9e,22,21,a0,9f,45,78,f5,

   60,d6,15,65,06,e3,23,45,2c,42,b2,31,c3,f1,94,68,11,67,e1,b1,34,56,00,2d,da,\

"ThreadingModel"="Apartment"

@="h:\\WINDOWS\\system32\\OLE32.DLL"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32*]

"Class"=hex:bf,80,f4,9f,20,45,a0,09,e7,a3,eb,fc,8d,56,d1,06,c5,1c,6f,eb,66,90,

   ae,f9,4a,7e,8a,06,f9,aa,06,1b,59,82,89,70,4f,60,9a,81,ee,86,91,81,5c,a3,3c,\

"ThreadingModel"="Apartment"

@="h:\\WINDOWS\\system32\\OLE32.DLL"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32*]

"Class"=hex:a8,45,04,e0,3c,4a,b6,e2,aa,07,8e,3d,20,1f,98,e4,5b,8d,e8,27,ab,3d,

   6c,35,c0,13,d4,52,87,ff,99,02,3a,58,8a,1c,a0,ad,1c,c6,9c,e4,39,cf,fd,fe,f3,\

"ThreadingModel"="Apartment"

@="h:\\WINDOWS\\system32\\OLE32.DLL"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\*PNPc2c3\0000]

@DACL=(02 0000)

"Service"="1199536707"

"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"

"Class"="System"

"DeviceDesc"="PCI bus"

"Mfg"="Technologies Inc"

"LocationInformation"="on Microsoft ACPI-Compliant System"

"ConfigFlags"=dword:00000000

"Capabilities"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

h:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

h:\programme\Bonjour\mDNSResponder.exe

h:\windows\system32\wdfmgr.exe

h:\programme\Canon\CAL\CALMAIN.exe

h:\programme\iPod\bin\iPodService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-07-12  23:16:24 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-07-12 21:16

ComboFix2.txt  2011-07-12 20:29

.

Vor Suchlauf: 3.746.443.264 Bytes frei

Nach Suchlauf: 3.718.696.960 Bytes frei

.

- - End Of File - - DAE132390B8C7E7F9FC31744A0A477BF

--- --- ---

Und plötzlich meldet sich die Windows Firewall.. hatte ich doch immer deaktiviert seit Jahr und Tag :wtf:

Wieso war Kerio denn noch installiert? :confused:
Es wurde nicht als PFW aufgeführt und demnach ging ich von einen Rest bzw. einer fehlgeschlagenen Deinstallation aus. Wie auch immer, ohne Kerio ist dein Rechner besser dran. Verwende die Windows-Firewall.

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Sooo... hier das GMER-Log. Ich habe den Scanvorgang abgebrochen. Das Programm untersucht ja JEDE einzelne Datei! Falls das bis hier nicht ausreicht, lasse ich den Scan heute Nacht komplett laufen.
GMER Logfile:

Code:

GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-13 00:11:33

Windows 5.1.2600 Service Pack 3 

Running: u63sdlfo.exe; Driver: H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT    BA686BDE                                                                                                            ZwCreateKey

SSDT    BA686BD4                                                                                                            ZwCreateThread

SSDT    BA686BE3                                                                                                            ZwDeleteKey

SSDT    BA686BED                                                                                                            ZwDeleteValueKey

SSDT    BA686BF2                                                                                                            ZwLoadKey

SSDT    BA686BC0                                                                                                            ZwOpenProcess

SSDT    BA686BC5                                                                                                            ZwOpenThread

SSDT    BA686BFC                                                                                                            ZwReplaceKey

SSDT    BA686BF7                                                                                                            ZwRestoreKey

SSDT    BA686BE8                                                                                                            ZwSetValueKey
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text   ntkrnlpa.exe!ZwCallbackReturn + 2FC0                                                                                8050485C 4 Bytes  CALL 990AB0CC 

?       Combo-Fix.sys                                                                                                       Das System kann die angegebene Datei nicht finden. !

.text   H:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB80C8360, 0x307AC7, 0xE8000020]

.text   cdrom.sys                                                                                                           BA219000 5 Bytes  [43, 02, C7, 43, 0C]

.text   cdrom.sys                                                                                                           BA219006 43 Bytes  [00, 80, 00, 75, 19, 8B, 45, ...]

.text   cdrom.sys                                                                                                           BA219033 89 Bytes  [89, 43, 14, C6, 43, 0A, 06, ...]

.text   cdrom.sys                                                                                                           BA21908D 59 Bytes  JMP BA218FAC \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)

.text   cdrom.sys                                                                                                           BA2190C9 42 Bytes  [74, 41, 81, FF, 48, 00, 07, ...]

.text   ...                                                                                                                 

?       H:\WINDOWS\system32\DRIVERS\cdrom.sys                                                                               suspicious PE modification

?       H:\ComboFix\catchme.sys                                                                                             Das System kann den angegebenen Pfad nicht finden. !

?       H:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !
 

---- User code sections - GMER 1.0.15 ----
 

.text   H:\programme\real\realplayer\update\realsched.exe[2808] kernel32.dll!SetUnhandledExceptionFilter                    7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text   H:\Programme\Mozilla Firefox\firefox.exe[3844] ntdll.dll!LdrLoadDll                                                 7C92632D 5 Bytes  JMP 00401410 H:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT     \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfLowerIrql]                                                         185D8BE6

IAT     \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KeGetCurrentIrql]                                                    AC0FCE8B

IAT     \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfRaiseIrql]                                                         5D3218CB
 

---- Devices - GMER 1.0.15 ----
 

Device                                                                                                                      pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

Device  \Driver\Disk \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0                                                                     B921C890
 

---- Modules - GMER 1.0.15 ----
 

Module  (noname) (*** hidden *** )                                                                                          B2B6F000-B2B78000 (36864 bytes)                                                                                    
 

---- Threads - GMER 1.0.15 ----
 

Thread  System [4:2000]                                                                                                     B921D6F0

Thread  System [4:2004]                                                                                                     B921D6F0

Thread  System [4:3168]                                                                                                     B2B73D20

Thread  System [4:3264]                                                                                                     B2B73D20
 

---- Registry - GMER 1.0.15 ----
 

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x21 0x0F 0xF1 0xA4 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 H:\Programme\DAEMON Tools Lite\

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x36 0x01 0xFD 0xEA ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xCD 0xE2 0x73 0x04 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xA8 0x64 0xDA 0x0C ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x21 0x0F 0xF1 0xA4 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     H:\Programme\DAEMON Tools Lite\

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x36 0x01 0xFD 0xEA ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xCD 0xE2 0x73 0x04 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xA8 0x64 0xDA 0x0C ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@Class                             0x45 0xFE 0x6B 0xD8 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@Class                             0xF6 0x88 0x3F 0x03 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@Class                             0xE4 0xDE 0xD5 0xE6 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@Class                             0xE0 0xF3 0xF4 0x85 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@Class                             0x50 0x30 0x76 0xF1 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@Class                             0xBF 0x80 0xF4 0x9F ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@Class                             0xA8 0x45 0x04 0xE0 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL
 

---- EOF - GMER 1.0.15 ----

--- --- ---
Und hier OSAM:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 00:15:24 on 13.07.2011
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 5.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Adobe Gamma" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl

"Avira AntiVir Personal" - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Nero BurnRights" - "Nero AG" - H:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Inc." - H:\Programme\QuickTime\QTSystem\QuickTime.cpl

"TSSMPM" - "Teleca Sweden AB" - H:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AFS2k" (AFS2K) - "Oak Technology Inc." - H:\WINDOWS\system32\drivers\AFS2K.sys

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\AnyDVD.sys

"Aspi32" (Aspi32) - "Adaptec" - H:\WINDOWS\system32\drivers\Aspi32.sys

"avgio" (avgio) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avipbb.sys

"Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPANEL.SYS

"catchme" (catchme) - ? - H:\ComboFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - H:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"DiskSec" (DiskSec) - "MAGIX" - H:\WINDOWS\system32\drivers\DiskSec.sys

"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\ElbyCDFL.sys

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyDelay.sys

"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\gdrv.sys

"i2omgmt" (i2omgmt) - ? - H:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - H:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - H:\WINDOWS\system32\drivers\mbamswissarmy.sys

"mbr" (mbr) - ? - H:\DOKUME~1\User\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"PCIDump" (PCIDump) - ? - H:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - H:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - H:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - H:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - H:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pwacqaoc" (pwacqaoc) - ? - H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys  (Hidden registry entry, rootkit activity | File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - H:\WINDOWS\System32\Drivers\PxHelp20.sys

"RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys

"RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys

"SndTAudio" (SndTAudio) - "Windows (R) Codename Longhorn DDK provider" - H:\WINDOWS\System32\drivers\SndTAudio.sys

"SndTVideo" (SndTVideo) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\System32\DRIVERS\SndTVideo.sys

"SSHDRV61" (SSHDRV61) - ? - H:\WINDOWS\system32\drivers\SSHDRV61.sys  (File found, but it contains no detailed information)

"ssmdrv" (ssmdrv) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPanel.sys

"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - H:\WINDOWS\System32\drivers\tbhsd.sys

"Virtual Bus for Microsoft ACPI-Compliant System" (1199536707) - ? - H:\WINDOWS\system32\drivers\1199536707.sys  (File not found)

"WDICA" (WDICA) - ? - H:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)" (ZD1211BU(ZyDAS)) - "ZyDAS Technology Corporation" - H:\WINDOWS\System32\DRIVERS\zd1211Bu.sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - H:\WINDOWS\system32\Rundll32.exe H:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - H:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll

{F5D92341-0A64-11D0-9956-0000E8096023} "CD Copy Shell Extension" - ? -   (File not found | COM-object registry key not found)

{F5D92342-0A64-11D0-9956-0000E8096023} "CD Wizard Shell Extension" - ? -   (File not found | COM-object registry key not found)

{ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - "Revenger inc." - H:\Programme\iColorFolder\CMExt.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll

{FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll

{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dMCShell.dll

{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? -   (File not found | COM-object registry key not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - H:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - h:\programme\real\realplayer\rpshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - H:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - H:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"PartyPoker.com" - ? - H:\Programme\PartyGaming\PartyPoker\RunApp.exe  (File not found)

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - H:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
 

[Logon]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "H:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Software Update" - "Hewlett-Packard" - H:\Programme\Hp\HP Software Update\HPWuSchd2.exe

"iTunesHelper" - "Apple Inc." - "H:\Programme\iTunes\iTunesHelper.exe"

"QuickTime Task" - "Apple Inc." - "H:\Programme\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

"TkBellExe" - "RealNetworks, Inc." - "H:\programme\real\realplayer\update\realsched.exe"  -osboot
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - H:\WINDOWS\system32\AdobePDF.dll

"HP Discovery Port Monitor (HP Officejet 6500 E710a-f)" - "Hewlett-Packard Co." - H:\WINDOWS\system32\HPDiscoPM5512.dll

"hpzlnt07" - "HP" - H:\WINDOWS\system32\hpzlnt07.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"Adobe Version Cue CS2" (Adobe Version Cue CS2) - ? - H:\WINDOWS\system32\drivers\Adobe Version Cue CS2.sys  (File not found)

"Anwendungsverwaltung" (AppMgmt) - ? - H:\WINDOWS\System32\appmgmts.dll  (File not found)

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\sched.exe

"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - H:\Programme\Canon\CAL\CALMAIN.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - H:\Programme\Bonjour\mDNSResponder.exe

"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - Z:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - H:\Programme\MAGIX\Common\Database\bin\fbserver.exe

"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - H:\Programme\NOS\bin\getPlus_HelperSvc.exe

"Google Software Updater" (gusvc) - "Google" - H:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate1c9cdab2a076840)" (gupdate1c9cdab2a076840) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - H:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - ? - H:\Programme\Java\jre6\bin\jqs.exe  (File not found)

"NBService" (NBService) - "Nero AG" - H:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - H:\WINDOWS\system32\drivers\rpcapd.sys  (File not found)

"Seagate Service" (FreeAgentGoNext Service) - "Seagate Technology LLC" - Z:\Sync\FreeAgentService.exe

"SMServer" (SMServer) - "SMServer" - H:\WINDOWS\system32\snmvtsvc.exe

"UPnPService" (UPnPService) - "Magix AG" - H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - H:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

Und der MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x020110f8

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA4BC000 DiskSec.sys
0xBA0C8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0D8000 jraid.sys
0xB9F18000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA0E8000 disk.sys
0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EF8000 fltmgr.sys
0xB9EE6000 sr.sys
0xBA108000 PxHelp20.sys
0xB9ECF000 KSecDD.sys
0xB9E42000 Ntfs.sys
0xB9E15000 NDIS.sys
0xBA118000 Combo-Fix.sys
0xB9DFB000 Mup.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB80C8000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB80B4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA4B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8090000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA340000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8068000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB804F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA594000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB803B000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA378000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA208000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xB8024000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xBA5E0000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0xBA380000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xBA218000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA228000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8001000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA388000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA73A000 \SystemRoot\system32\DRIVERS\SndTVideo.sys
0xBA238000 \SystemRoot\system32\drivers\SndTAudio.sys
0xB7FDD000 \SystemRoot\system32\drivers\portcls.sys
0xBA248000 \SystemRoot\system32\drivers\drmk.sys
0xBA258000 \SystemRoot\system32\drivers\tbhsd.sys
0xBA73B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7FC6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA278000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA288000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA390000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7FB5000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA298000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA398000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7F57000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DD7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB4853000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB96EE000 \??\H:\WINDOWS\system32\drivers\SSHDRV61.sys
0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7EC000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3D0000 \SystemRoot\System32\drivers\vga.sys
0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA564000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4626000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB45CD000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB457D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4557000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB4535000 \SystemRoot\System32\drivers\afd.sys
0xB96DE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB96CE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB450A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB449A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB96BE000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA408000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xB4474000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA588000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB967E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA5F6000 \??\H:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB484F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB484B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA430000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB91F6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB43AA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA616000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB468C000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA470000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6FB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF596000 \SystemRoot\System32\ATMFD.DLL
0xB411D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB4142000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3E98000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB3DBB000 \SystemRoot\system32\drivers\wdmaud.sys
0xB9276000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA5C0000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBA5C2000 \SystemRoot\System32\Drivers\TBPanel.SYS
0xB3D9B000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xB3B24000 \SystemRoot\System32\Drivers\HTTP.sys
0xB39DC000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA460000 \??\H:\ComboFix\catchme.sys
0xBA612000 \??\H:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB293E000 \??\H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
880 H:\WINDOWS\system32\smss.exe
928 csrss.exe
952 H:\WINDOWS\system32\winlogon.exe
996 H:\WINDOWS\system32\services.exe
1008 H:\WINDOWS\system32\lsass.exe
1200 H:\WINDOWS\system32\svchost.exe
1268 svchost.exe
1392 H:\WINDOWS\system32\svchost.exe
1548 svchost.exe
1644 svchost.exe
1804 H:\WINDOWS\system32\spoolsv.exe
1872 H:\Programme\Avira\AntiVir Desktop\sched.exe
1972 svchost.exe
728 H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
780 H:\Programme\Bonjour\mDNSResponder.exe
1364 Z:\Sync\FreeAgentService.exe
1808 H:\WINDOWS\system32\svchost.exe
124 H:\WINDOWS\system32\svchost.exe
592 wdfmgr.exe
1488 H:\Programme\Canon\CAL\CALMAIN.exe
632 alg.exe
2732 H:\Programme\HP\HP Software Update\hpwuschd2.exe
2748 H:\Programme\iTunes\iTunesHelper.exe
2796 H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2808 H:\Programme\Real\RealPlayer\Update\realsched.exe
2824 H:\Programme\Avira\AntiVir Desktop\avgnt.exe
3248 H:\Programme\iPod\bin\iPodService.exe
3792 H:\WINDOWS\explorer.exe
3844 H:\Programme\Mozilla Firefox\firefox.exe
2892 H:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
2208 H:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
552 H:\Programme\HTC\HTC Sync\Sync Manager\SyncIndicator.exe
908 H:\Programme\Mozilla Firefox\plugin-container.exe
1540 H:\Dokumente und Einstellungen\User\Desktop\MBRCheck.exe

\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Z: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f34a00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD321KJ, Rev: CP100-12

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done!

Zitat:

"SSHDRV61" (SSHDRV61) - ? - H:\WINDOWS\system32\drivers\SSHDRV61.sys (File found, but it contains no detailed information)

Bitte mit OSAM deaktivieren und löschen

Scheint geklappt zu haben!

Mach bitte ein neues Log mit GMER und OSAM

Hallo Arne,
war tagsüber unterwegs, daher erst jetzt...

Frage: Benötigst du den KOMPLETTEN GMER Log? Ich habe nach 40 Minuten wieder abgebrochen. Hier ist er:

GMER Logfile:

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net

Rootkit scan 2011-07-13 20:54:18

Windows 5.1.2600 Service Pack 3 

Running: u63sdlfo.exe; Driver: H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT    BA7E12F6                                                                                                            ZwCreateKey

SSDT    BA7E12EC                                                                                                            ZwCreateThread

SSDT    BA7E12FB                                                                                                            ZwDeleteKey

SSDT    BA7E1305                                                                                                            ZwDeleteValueKey

SSDT    BA7E130A                                                                                                            ZwLoadKey

SSDT    BA7E12D8                                                                                                            ZwOpenProcess

SSDT    BA7E12DD                                                                                                            ZwOpenThread

SSDT    BA7E1314                                                                                                            ZwReplaceKey

SSDT    BA7E130F                                                                                                            ZwRestoreKey

SSDT    BA7E1300                                                                                                            ZwSetValueKey
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text   H:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB86F4360, 0x307AC7, 0xE8000020]

.text   cdrom.sys                                                                                                           B9716000 5 Bytes  [43, 02, C7, 43, 0C]

.text   cdrom.sys                                                                                                           B9716006 43 Bytes  [00, 80, 00, 75, 19, 8B, 45, ...]

.text   cdrom.sys                                                                                                           B9716033 89 Bytes  [89, 43, 14, C6, 43, 0A, 06, ...]

.text   cdrom.sys                                                                                                           B971608D 59 Bytes  JMP B9715FAC \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)

.text   cdrom.sys                                                                                                           B97160C9 42 Bytes  [74, 41, 81, FF, 48, 00, 07, ...]

.text   ...                                                                                                                 

?       H:\WINDOWS\system32\DRIVERS\cdrom.sys                                                                               suspicious PE modification
 

---- User code sections - GMER 1.0.15 ----
 

.text   H:\programme\real\realplayer\update\realsched.exe[1372] kernel32.dll!SetUnhandledExceptionFilter                    7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT     \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfLowerIrql]                                                         185D8BE6

IAT     \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KeGetCurrentIrql]                                                    AC0FCE8B

IAT     \SystemRoot\system32\DRIVERS\cdrom.sys[HAL.dll!KfRaiseIrql]                                                         5D3218CB
 

---- Devices - GMER 1.0.15 ----
 

Device                                                                                                                      pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

Device  \Driver\Disk \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0                                                                     BA2CE890
 

---- Modules - GMER 1.0.15 ----
 

Module  (noname) (*** hidden *** )                                                                                          BA2F8000-BA301000 (36864 bytes)                                                                                    
 

---- Threads - GMER 1.0.15 ----
 

Thread  System [4:112]                                                                                                      BA2FCD20

Thread  System [4:116]                                                                                                      BA2FCD20

Thread  System [4:120]                                                                                                      BA2CF6F0

Thread  System [4:124]                                                                                                      BA2CF6F0
 

---- Registry - GMER 1.0.15 ----
 

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x21 0x0F 0xF1 0xA4 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 H:\Programme\DAEMON Tools Lite\

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x36 0x01 0xFD 0xEA ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xCD 0xE2 0x73 0x04 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xA8 0x64 0xDA 0x0C ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x21 0x0F 0xF1 0xA4 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     H:\Programme\DAEMON Tools Lite\

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x36 0x01 0xFD 0xEA ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xCD 0xE2 0x73 0x04 ...

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  

Reg     HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xA8 0x64 0xDA 0x0C ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@Class                             0x45 0xFE 0x6B 0xD8 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-05de-3f8a-4724fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@Class                             0xF6 0x88 0x3F 0x03 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2b20-bb9c-0a68fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@Class                             0xE4 0xDE 0xD5 0xE6 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-996d-fcd3-f310fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@Class                             0xE0 0xF3 0xF4 0x85 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9d00-9d71-cd86fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@Class                             0x50 0x30 0x76 0xF1 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-bfaf-8565-8f3afd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@Class                             0xBF 0x80 0xF4 0x9F ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c9a9-15ec-be68fd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32                                   

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@Class                             0xA8 0x45 0x04 0xE0 ...

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@ThreadingModel                    Apartment

Reg     HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ce53-04ae-490efd62c10f}\InprocServer32@                                  H:\WINDOWS\system32\OLE32.DLL
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Und Osam

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 20:58:56 on 13.07.2011
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 5.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Adobe Gamma" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl

"Avira AntiVir Personal" - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Nero BurnRights" - "Nero AG" - H:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Inc." - H:\Programme\QuickTime\QTSystem\QuickTime.cpl

"TSSMPM" - "Teleca Sweden AB" - H:\Programme\HTC\HTC Sync\Mobile Phone Monitor\tssmpm.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AFS2k" (AFS2K) - "Oak Technology Inc." - H:\WINDOWS\system32\drivers\AFS2K.sys

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\AnyDVD.sys

"Aspi32" (Aspi32) - "Adaptec" - H:\WINDOWS\system32\drivers\Aspi32.sys

"avgio" (avgio) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avipbb.sys

"Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPANEL.SYS

"catchme" (catchme) - ? - H:\ComboFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - H:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"DiskSec" (DiskSec) - "MAGIX" - H:\WINDOWS\system32\drivers\DiskSec.sys

"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - H:\WINDOWS\System32\Drivers\ElbyCDFL.sys

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - H:\WINDOWS\System32\Drivers\ElbyDelay.sys

"gdrv" (gdrv) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\gdrv.sys

"i2omgmt" (i2omgmt) - ? - H:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - H:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - H:\WINDOWS\system32\drivers\mbamswissarmy.sys

"PCIDump" (PCIDump) - ? - H:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - H:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - H:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - H:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - H:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pwacqaoc" (pwacqaoc) - ? - H:\DOKUME~1\User\LOKALE~1\Temp\pwacqaoc.sys  (Hidden registry entry, rootkit activity | File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - H:\WINDOWS\System32\Drivers\PxHelp20.sys

"RRNetCap Service" (RRNetCap) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys

"RRNetCapMP" (RRNetCapMP) - "RapidSolution Software AG" - H:\WINDOWS\System32\DRIVERS\rrnetcap.sys

"SndTAudio" (SndTAudio) - "Windows (R) Codename Longhorn DDK provider" - H:\WINDOWS\System32\drivers\SndTAudio.sys

"SndTVideo" (SndTVideo) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\System32\DRIVERS\SndTVideo.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - H:\WINDOWS\system32\drivers\TBPanel.sys

"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - H:\WINDOWS\System32\drivers\tbhsd.sys

"Virtual Bus for Microsoft ACPI-Compliant System" (1199536707) - ? - H:\WINDOWS\system32\drivers\1199536707.sys  (File not found)

"WDICA" (WDICA) - ? - H:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)" (ZD1211BU(ZyDAS)) - "ZyDAS Technology Corporation" - H:\WINDOWS\System32\DRIVERS\zd1211Bu.sys

(Disabled) "SSHDRV61" (SSHDRV61) - ? - H:\WINDOWS\system32\drivers\SSHDRV61.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - H:\WINDOWS\system32\Rundll32.exe H:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - H:\Programme\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll

{F5D92341-0A64-11D0-9956-0000E8096023} "CD Copy Shell Extension" - ? -   (File not found | COM-object registry key not found)

{F5D92342-0A64-11D0-9956-0000E8096023} "CD Wizard Shell Extension" - ? -   (File not found | COM-object registry key not found)

{ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - "Revenger inc." - H:\Programme\iColorFolder\CMExt.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dBShell.dll

{FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll

{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - "Illustrate" - H:\Programme\Illustrate\dBpowerAMP\dMCShell.dll

{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? -   (File not found | COM-object registry key not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - H:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - h:\programme\real\realplayer\rpshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - H:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - H:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"PartyPoker.com" - ? - H:\Programme\PartyGaming\PartyPoker\RunApp.exe  (File not found)

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

<binary data> "DAEMON Tools Toolbar" - ? - H:\Programme\DAEMON Tools Toolbar\DTToolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - H:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - H:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
 

[Logon]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "H:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Software Update" - "Hewlett-Packard" - H:\Programme\Hp\HP Software Update\HPWuSchd2.exe

"iTunesHelper" - "Apple Inc." - "H:\Programme\iTunes\iTunesHelper.exe"

"QuickTime Task" - "Apple Inc." - "H:\Programme\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

"TkBellExe" - "RealNetworks, Inc." - "H:\programme\real\realplayer\update\realsched.exe"  -osboot
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - "Adobe Systems Incorporated." - H:\WINDOWS\system32\AdobePDF.dll

"HP Discovery Port Monitor (HP Officejet 6500 E710a-f)" - "Hewlett-Packard Co." - H:\WINDOWS\system32\HPDiscoPM5512.dll

"hpzlnt07" - "HP" - H:\WINDOWS\system32\hpzlnt07.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - H:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"Adobe Version Cue CS2" (Adobe Version Cue CS2) - ? - H:\WINDOWS\system32\drivers\Adobe Version Cue CS2.sys  (File not found)

"Anwendungsverwaltung" (AppMgmt) - ? - H:\WINDOWS\System32\appmgmts.dll  (File not found)

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - H:\Programme\Avira\AntiVir Desktop\sched.exe

"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - H:\Programme\Canon\CAL\CALMAIN.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - H:\Programme\Bonjour\mDNSResponder.exe

"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - Z:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - H:\Programme\MAGIX\Common\Database\bin\fbserver.exe

"getPlus(R) Helper" (getPlus(R) Helper) - "NOS Microsystems Ltd." - H:\Programme\NOS\bin\getPlus_HelperSvc.exe

"Google Software Updater" (gusvc) - "Google" - H:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate1c9cdab2a076840)" (gupdate1c9cdab2a076840) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - H:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - ? - H:\Programme\Java\jre6\bin\jqs.exe  (File not found)

"NBService" (NBService) - "Nero AG" - H:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - H:\WINDOWS\system32\drivers\rpcapd.sys  (File not found)

"Seagate Service" (FreeAgentGoNext Service) - "Seagate Technology LLC" - Z:\Sync\FreeAgentService.exe

"SMServer" (SMServer) - "SMServer" - H:\WINDOWS\system32\snmvtsvc.exe

"UPnPService" (UPnPService) - "Magix AG" - H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - H:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

PUH! Ich habe definitiv zu viel Zeugs auf der Platte! Der Scan mit dem Superantispyware hat über eine Stunde gedauert! Und er hat 36 Dateien gefunden! :daumenrunter: Jetzt sind sie in Quarantäne. Kann cih sie löschen, bevor ich den nächsten Scan mache?

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/13/2011 at 11:51 PM

Application Version : 4.55.1000

Core Rules Database Version : 7403
Trace Rules Database Version: 5215

Scan type : Complete Scan
Total Scan Time : 01:25:42

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 8267
Registry threats detected : 0
File items scanned : 116108
File threats detected : 36

Adware.Tracking Cookie
H:\Dokumente und Einstellungen\User\Cookies\user@forum.usenext[1].txt
.apmebf.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ]
.mediaplex.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ]
.mediaplex.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ]
.adfarm1.adition.com [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ]
.doubleclick.net [ H:\Dokumente und Einstellungen\TEMP\Anwendungsdaten\Mozilla\Firefox\Profiles\924zubxh.default\cookies.sqlite ]
.ads.quartermedia.de [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.ads.quartermedia.de [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.ads.quartermedia.de [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.apmebf.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.mediaplex.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.doubleclick.net [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.smartadserver.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.smartadserver.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.smartadserver.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
ad.yieldmanager.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
rotator.adjuggler.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
rotator.adjuggler.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
adsrv.admediate.net [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
adsrv.admediate.net [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.webmasterplan.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.atdmt.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
ad.yieldmanager.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.bs.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.serving-sys.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.imrworldwide.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.imrworldwide.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.adfarm1.adition.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
.adfarm1.adition.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]
ad3.adfarm1.adition.com [ H:\Dokumente und Einstellungen\Ulli\Anwendungsdaten\Mozilla\Firefox\Profiles\y8ax8g37.default\cookies.sqlite ]

Das sind nur Cookies die sind eh harmlos.

Puh! Ein Glück! Den Malwarescan lasse ich heute Nacht durchlaufen, muss jetzt noch ein bisschen am Rechner arbeiten. Auf jeden Fall schon einmal VIELEN DANK für deine freundliche und kompetente Hilfe!

Noch eine Frage: Ich habe zur Zeit folgende Schutzprogramme installiert:
- Avira free
- MAGIX PC Check & Tuning 2010

Kerio habe ich nicht mehr, und auf deine Empfehlung hin auch nicht mehr neu installiert.

Mit dem CC-Cleaner räume ich regelmäßig auf.

Welche Empfehlungen hast du zum künftigen Schutz? Ich habe ja nun einige neue Programme auf dem Rechner (Superantispyware, Malwarebytes...)

Taugt Avira, oder sollte ich auf McAfe, Kaspersky und Co zurückgreifen?

Vielen Dank
Oliver

Zitat:

Taugt Avira, oder sollte ich auf McAfe, Kaspersky und Co zurückgreifen?

Nimm MSE oder Avast

Zitat:

MAGIX PC Check & Tuning 2010

Hört sich nach dem üblichen Schlangenöl an. Finger weg! Finger weg auch wenn angeblichen Registry-Bereingungen und/oder Optimierungen!