Internet Explorer startet in regelmäßigen Abständen automatisch - Virus Verdacht

#1 Hallo,
habe folgendes Problem. Seid heute startet der Internet Explorer automatisch und lädt verschiedene Pages, meist Werbung ohne mein Eingreifen. Habe Verdacht, dass sich ein Trojaner oder Virus etc. da zu schaffen macht.

Was kann ich nun tun? Für Hilfe wäre ich dankbar.

#2 Hi,

1. Malwarebytes
http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe
Malwarebytes bitte installieren, aktualisieren, einen Quick Scan durchführen, evt. Funde entfernen lassen und das Log posten.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Starte das Programm, setze Häckchen bei "Scanne alle Benutzer", "LOP Prüfung" und "Purity Prüfung", kopiere unten in das Script-Feld rein:

Zitat

netsvcs
msconfig

und klicke auf Scan. Poste bitte die OTL.txt und Extras.txt

#3 hallo,

vielen Dank für die ersten Hinweise

hier das Log von malwarebytes

Zitat

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4937

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

24.10.2010 21:19:59
mbam-log-2010-10-24 (21-19-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154229
Laufzeit: 17 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Temp\Msh.exe (Rootkit.TDSS) -> Unloaded process successfully.
C:\WINDOWS\Mkipia.exe (Rootkit.TDSS) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Temp\Msh.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Mkipia.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Temp\Msf.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Temp\Msg.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Temp\Msi.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Temp\Msj.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 Hier die OTL.txt

Zitat

OTL logfile created on: 24.10.2010 21:30:46 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\Anke Heyden\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

447,00 Mb Total Physical Memory | 139,00 Mb Available Physical Memory | 31,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,25 Gb Total Space | 14,89 Gb Free Space | 50,90% Space Free | Partition Type: NTFS
Drive D: | 14,66 Gb Total Space | 1,77 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
Drive E: | 12,01 Gb Total Space | 9,64 Gb Free Space | 80,28% Space Free | Partition Type: FAT32

Computer Name: ANKE | User Name: Anke Heyden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.10.24 20:56:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anke Heyden\Desktop\OTL.exe
PRC - [2010.10.23 18:14:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.09.15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\msseces.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2010.01.29 23:20:26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010.01.27 13:30:16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2009.05.19 19:39:44 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005.05.27 11:24:52 | 000,310,272 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2005.01.24 14:56:30 | 000,180,224 | ---- | M] () -- C:\Programme\OSD\OSD.exe
PRC - [2005.01.20 21:04:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.10.24 20:56:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anke Heyden\Desktop\OTL.exe
MOD - [2010.10.24 19:32:51 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\system32\hostgsvc.dll
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office10\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.29 23:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.04.06 17:03:28 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010.03.21 14:11:47 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.10 13:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 13:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2006.11.30 15:14:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45unic.sys -- (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM)
DRV - [2006.11.30 15:14:14 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.11.30 15:14:10 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 15:14:10 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45nd5.sys -- (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS)
DRV - [2006.11.30 15:14:04 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.11.30 15:14:04 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.11.30 15:13:56 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2006.03.15 10:35:06 | 000,017,664 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AWISp50.sys -- (AWISp50)
DRV - [2005.08.31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005.08.31 11:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.07.29 17:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.07.29 17:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.04.30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.04.30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005.03.25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005.03.25 17:33:58 | 000,124,160 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\W33ND.SYS -- (W33ND)
DRV - [2005.01.28 18:48:58 | 002,310,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.12.20 16:10:14 | 001,271,463 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.10.19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004.10.08 15:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003.10.21 09:32:56 | 000,004,608 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\NTPrime.sys -- (NTPrime)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tchibo.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tchibo.de
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tchibo.de

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tchibo.de
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3135623792-1572117677-2383357432-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-3135623792-1572117677-2383357432-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.23 18:14:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.23 18:14:32 | 000,000,000 | ---D | M]

[2008.08.26 11:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Extensions
[2010.10.24 17:23:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\extensions
[2010.10.16 13:36:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.10.12 18:00:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.26 08:20:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\extensions\DTToolbar@toolbarnet.com
[2010.03.21 14:20:11 | 000,000,523 | ---- | M] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\searchplugins\daemon-search.xml
[2009.10.07 13:45:27 | 000,000,684 | ---- | M] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\searchplugins\woerterbuchinfo.xml
[2010.10.24 17:23:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010.04.07 10:24:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.07 10:24:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.07 10:24:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.07 10:24:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.07 10:24:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.02.01 21:32:10 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {04AA1A9F-C015-44AE-9ED6-8616C5DD3446} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office10\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office10\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3135623792-1572117677-2383357432-1006\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3135623792-1572117677-2383357432-1006\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EvtMgr6] C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSSE] c:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\OSD\OSD.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Anke Heyden\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3135623792-1572117677-2383357432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office10\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office10\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office10\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120491581828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office10\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.07.04 16:22:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005.04.06 17:24:02 | 000,000,302 | RH-- | M] () - E:\AUTOEXEC.org -- [ FAT32 ]
O32 - AutoRun File - [2005.04.07 13:29:04 | 000,000,880 | -H-- | M] () - E:\AUTOEXECold.bat -- [ FAT32 ]
O32 - AutoRun File - [2005.04.12 02:14:18 | 000,000,437 | RH-- | M] () - E:\AUTOEXEC.bat -- [ FAT32 ]
O33 - MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\Shell\explore\Command - "" = F:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\Shell\open\Command - "" = F:\RECYCLER\INFO.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: mounexec - (C:\WINDOWS\system32\hostgsvc.dll) - C:\WINDOWS\system32\hostgsvc.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

MsConfig - Services: "Fax"
MsConfig - Services: "BlueSoleil Hid Service"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Anke Heyden^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE - File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe File not found
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.10.24 21:28:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anke Heyden\Desktop\OTL.exe
[2010.10.24 20:58:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Malwarebytes
[2010.10.24 20:58:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.24 20:58:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.24 20:58:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.24 20:58:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.23 18:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoldWave
[2010.10.23 18:25:54 | 000,000,000 | ---D | C] -- C:\Programme\GoldWave
[2010.10.14 22:21:23 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.14 22:21:21 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.06 18:24:53 | 000,000,000 | ---D | C] -- C:\Programme\XMind
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.10.24 21:29:33 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.10.24 21:24:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.24 21:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.24 21:23:47 | 469,286,912 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.24 20:56:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anke Heyden\Desktop\OTL.exe
[2010.10.24 19:32:51 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\System32\hostgsvc.dll
[2010.10.23 19:22:06 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.20 22:11:05 | 000,095,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.20 18:56:23 | 000,000,149 | ---- | M] () -- C:\Dokumente und Einstellungen\Anke Heyden\default.pls
[2010.10.19 22:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.10.15 15:52:46 | 000,312,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.15 08:28:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.10.06 18:26:08 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Anke Heyden\Desktop\XMind.lnk
[2010.09.29 16:37:11 | 000,001,070 | ---- | M] () -- C:\Dokumente und Einstellungen\Anke Heyden\Desktop\MediaManager.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.10.24 19:32:49 | 000,050,688 | -H-- | C] () -- C:\WINDOWS\System32\hostgsvc.dll
[2010.10.06 18:26:08 | 000,000,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Desktop\XMind.lnk
[2010.07.14 18:44:28 | 000,000,072 | ---- | C] () -- C:\WINDOWS\CrocChem.INI
[2010.03.28 19:52:17 | 000,000,446 | ---- | C] () -- C:\WINDOWS\CrocPhys.INI
[2010.03.28 19:51:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\crocclip.ini
[2010.03.21 14:11:46 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.25 18:01:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009.04.10 18:27:46 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.04.10 18:27:46 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.04.10 18:27:46 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009.04.10 18:18:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.04.10 18:18:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.09.05 11:39:37 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.08.28 17:29:19 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2007.08.17 18:36:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.08.17 18:36:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.08.17 18:36:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.08.17 18:11:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.08.01 21:41:03 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.09.24 15:12:40 | 000,052,705 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006.09.24 15:12:40 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006.09.24 15:12:28 | 000,002,167 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\HPSU_48BitScanUpdate.log
[2006.09.24 15:12:28 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006.09.24 15:09:58 | 000,006,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006.09.24 15:09:58 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006.07.19 23:19:29 | 000,049,342 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Update_HP_RedboxHprblog_HPSU.log
[2006.07.19 23:19:29 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006.02.08 17:39:48 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2005.11.01 19:14:40 | 000,005,172 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2005.10.14 21:50:51 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.10.14 21:05:04 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\NTPrime.sys
[2005.10.14 16:38:10 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.10.14 16:33:41 | 000,067,280 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\wklnhst.dat
[2005.10.14 15:35:38 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.10.14 15:31:12 | 000,095,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Anke Heyden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.10.14 15:03:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005.08.12 17:37:46 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005.07.29 17:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005.07.05 16:06:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.07.05 12:04:57 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\E973B8E39C.sys
[2005.07.05 12:04:56 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005.07.05 12:02:49 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005.07.05 01:03:04 | 000,000,846 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.07.04 17:11:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.07.04 16:40:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005.07.04 16:37:50 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004.12.16 17:32:54 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2002.01.08 19:03:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MiniBrowser.dll
[2001.07.06 16:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999.04.08 15:47:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\FViGxDS1.dll
[1997.11.21 18:03:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1997.09.30 14:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2007.03.07 16:15:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2010.03.26 19:51:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010.07.03 10:52:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2010.10.23 18:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoldWave
[2009.04.10 18:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2007.08.01 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2005.07.05 11:48:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2010.07.03 10:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Canon
[2010.03.26 20:30:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Canon Easy-WebPrint EX
[2008.07.14 21:19:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\ConceptDraw MINDMAP
[2008.07.14 21:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\ConceptDraw MindMap 6
[2010.03.21 14:10:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\DAEMON Tools
[2010.10.24 21:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Dropbox
[2008.12.29 12:41:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\DynaGeo
[2006.01.05 20:08:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\iGrafx
[2009.02.06 12:12:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Image Zone Express
[2008.05.03 15:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\KompoZer
[2010.03.26 21:10:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Leadertech
[2009.05.18 23:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\MAXQDA2007
[2005.10.14 21:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Micrografx
[2007.10.08 12:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Printer Info Cache
[2009.11.17 12:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\SpeedProject
[2010.03.01 18:05:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\TeamViewer
[2007.08.01 21:30:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Teleca
[2008.11.11 10:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp Nussbächer\Anwendungsdaten\Teleca
[2010.10.24 21:29:33 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

#5 und hier die EXTRAS.txt

Zitat

OTL Extras logfile created on: 24.10.2010 21:30:46 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\Anke Heyden\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

447,00 Mb Total Physical Memory | 139,00 Mb Available Physical Memory | 31,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,25 Gb Total Space | 14,89 Gb Free Space | 50,90% Space Free | Partition Type: NTFS
Drive D: | 14,66 Gb Total Space | 1,77 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
Drive E: | 12,01 Gb Total Space | 9,64 Gb Free Space | 80,28% Space Free | Partition Type: FAT32

Computer Name: ANKE | User Name: Anke Heyden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Programme\Müller Foto\Müller Foto\Müller Foto.exe" "-Foto %1" ()
Directory [Müller Foto] -- "C:\Programme\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 6.2 -- File not found
"C:\Programme\CA\Etrust Antivirus\InocIT.exe" = C:\Programme\CA\Etrust Antivirus\InocIT.exe:*:Enabled:InocIT -- File not found
"C:\Programme\CA\Etrust Antivirus\Realmon.exe" = C:\Programme\CA\Etrust Antivirus\Realmon.exe:*:Enabled:Realmon -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Dokumente und Einstellungen\Anke Heyden\Desktop\Empire Earth\Empire Earth.exe" = C:\Dokumente und Einstellungen\Anke Heyden\Desktop\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- File not found
"C:\Dokumente und Einstellungen\Anke Heyden\temp\TeamViewer3\TeamViewer.exe" = C:\Dokumente und Einstellungen\Anke Heyden\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer3\TeamViewer.exe" = C:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\SPSSInc\Statistics17\statistics.com" = C:\Programme\SPSSInc\Statistics17\statistics.com:*isabled:Statistics17:com -- File not found
"C:\Programme\SPSSInc\Statistics17\statistics.exe" = C:\Programme\SPSSInc\Statistics17\statistics.exe:*isabled:Statistics17:exe -- File not found
"C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*isabled:SPSS Basic Script Editor -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\paswstat.exe" = C:\Programme\SPSSInc\PASWStatistics17\paswstat.exe:*isabled:Statistics17:exe -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\paswstat.com" = C:\Programme\SPSSInc\PASWStatistics17\paswstat.com:*isabled:Statistics17:com -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\PASWStatistics17\SPSSWinWrapIDE.exe:*isabled:SPSS Basic Script Editor -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\statistics.exe" = C:\Programme\SPSSInc\PASWStatistics17\statistics.exe:*isabled:Statistics17:deprecated exe -- File not found
"C:\Programme\SPSSInc\PASWStatistics17\statistics.com" = C:\Programme\SPSSInc\PASWStatistics17\statistics.com:*isabled:Statistics17:deprecated com -- File not found
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabledropbox -- ()
"C:\Programme\Microsoft Office10\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office10\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Programme\Microsoft Office10\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office10\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office10\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office10\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{63D1A44F-E1FD-4460-BE0A-8745012F67EF}" = BlueSoleil
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90300407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{E54A8977-22E8-4A64-BF2C-E60FE122733A}" = Micrografx Designer 9.0
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F2D47858-B900-416A-BA43-96BD1929EB43}" = Crocodile Physics 1.7 DE
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"5PLUS_2007.r_is1" = 5PLUS 2007.r (Portable Version, unabhängig von der BDE)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Archimedes Geo3D_is1" = Archimedes Geo3D 1.2.1
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cinderella 2.0" = Cinderella 2.0
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DynaGeo_is1" = DynaGeo 3.1
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Foxit Reader" = Foxit Reader
"FreePDF_XP" = FreePDF XP (Remove only)
"FunkyPlot_is1" = FunkyPlot V1.0.2
"GeoGebra" = GeoGebra
"GoldWave v5.58" = GoldWave v5.58
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Kreismedienzentrum Biberach September 2009_is1" = Kreismedienzentrum Biberach September 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaManager" = MediaManager
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Müller Foto" = Müller Foto
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OSD" = OSD V1.0.3.3
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"S3" = UniChrome Pro IGP Display Driver and Utilities
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sounds" = Sounds (remove only)
"SP6" = Logitech SetPoint 6.0
"SpeedCommander 13" = SpeedCommander 13
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Trillian" = Trillian
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTChromo" = S3 S3Chromo
"VTConfig3D" = S3 S3Config3D
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"VTTrayPlus" = S3 S3TrayPlus
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMind" = XMind

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3135623792-1572117677-2383357432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 29.09.2010 10:38:36 | Computer Name = ANKE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 29.09.2010 10:39:06 | Computer Name = ANKE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 04.10.2010 07:35:33 | Computer Name = ANKE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6201.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 04.10.2010 07:37:03 | Computer Name = ANKE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3909,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.

Error - 13.10.2010 09:06:27 | Computer Name = ANKE | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 24.10.2010 11:10:54 | Computer Name = ANKE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17091, fehlgeschlagenes
Modul flash9b.ocx, Version 9.0.28.0, Fehleradresse 0x000e12a7.

[ OSession Events ]
Error - 02.06.2010 10:23:47 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 02.06.2010 11:24:47 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 02.06.2010 11:25:46 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 03.06.2010 06:26:41 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 04.06.2010 17:17:44 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 05.06.2010 10:57:42 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 05.06.2010 10:59:32 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 13.06.2010 12:28:26 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 13.06.2010 12:29:47 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 19.06.2010 14:57:01 | Computer Name = ANKE | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 19.10.2010 13:57:25 | Computer Name = ANKE | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
"\Device\NetBT_Tcpip_{D0C291D9-35D0-4A9F-BE3C-6037EE54948F}" zu oft fehl. Der Sicherungssuchdienst
wird beendet.

Error - 20.10.2010 11:13:15 | Computer Name = ANKE | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0060B3D4930A wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 20.10.2010 11:27:47 | Computer Name = ANKE | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PHILIPP-N",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{D0C291D9-35D0-4A9F-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error - 20.10.2010 14:04:37 | Computer Name = ANKE | Source = BROWSER | ID = 8032
Description = Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport
"\Device\NetBT_Tcpip_{D0C291D9-35D0-4A9F-BE3C-6037EE54948F}" zu oft fehl. Der Sicherungssuchdienst
wird beendet.

Error - 23.10.2010 06:04:01 | Computer Name = ANKE | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection.

Error - 23.10.2010 09:41:15 | Computer Name = ANKE | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0060B3D4930A zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 23.10.2010 09:41:23 | Computer Name = ANKE | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0060B3D4930A zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 23.10.2010 09:41:30 | Computer Name = ANKE | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0060B3D4930A zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 24.10.2010 12:35:03 | Computer Name = ANKE | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PHILIPP-N",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{D0C291D9-35D0-4A9F-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error - 24.10.2010 15:24:21 | Computer Name = ANKE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.


< End of report >

#6 Hoffe Sie können mit den geposteten Informationen etwas anfangen.
Einige Infizierungen konnten gelöscht werden.

Sind nun weitere Schritte notwendig?
Stichwort: weitere Scans mit anderen Programmen etc
Stichwort: Passwort Änderungen

freundliche Grüße

master_p001

#7 1. Starte bitte OTL, kopiere unten in das Script-Feld rein:

Zitat

:OTL
MOD - [2010.10.24 19:32:51 | 000,050,688 | -H-- | M] () -- C:\WINDOWS\system32\hostgsvc.dll
O2 - BHO: (no name) - {04AA1A9F-C015-44AE-9ED6-8616C5DD3446} - No CLSID value found.
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O32 - AutoRun File - [2005.04.06 17:24:02 | 000,000,302 | RH-- | M] () - E:\AUTOEXEC.org -- [ FAT32 ]
O32 - AutoRun File - [2005.04.07 13:29:04 | 000,000,880 | -H-- | M] () - E:\AUTOEXECold.bat -- [ FAT32 ]
O32 - AutoRun File - [2005.04.12 02:14:18 | 000,000,437 | RH-- | M] () - E:\AUTOEXEC.bat -- [ FAT32 ]
O33 - MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\Shell\explore\Command - "" = F:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\Shell\open\Command - "" = F:\RECYCLER\INFO.exe -- File not found
O36 - AppCertDlls: mounexec - (C:\WINDOWS\system32\hostgsvc.dll) - C:\WINDOWS\system32\hostgsvc.dll ()
NetSvcs: SSHNAS - File not found

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

und klicke auf Fix. Unter Umständen ist ein Neustart notwendig. Poste bitte das Fix Log.

2. Hol Dir bitte TDSSKiller von Kaspersky
Extrahiere die Zip-Datei auf den Desktop (die tdsskiller.exe soll direkt auf dem Desktop liegen, nicht in einem Ordner).
Starte tdsskiller.exe
Falls das Programm irgendetwas findet, klicke auf Continue und dann, wenn nach Neustart gefragt wird, auf Reboot Now. Nach dem Neustart wird das Log unter C:\TDSSKiller....._log.txt zu finden sein, bitte posten.
Falls das Programm nichts findet oder nicht nach einem Neustart fragt, klicke auf Report, und poste bitte ebenfalls das Log.

3. RootRepeal
http://sites.google.com/site/rootrepeal/
Starte RootRepeal.
Beende alle anderen Programme.
Gehe unten auf den Reiter Report.
Klicke auf Scan.
Setze alle Häkchen.
Bestätige mit OK.
Falls gefragt, wähle Laufwerk C:
Bestätige mit OK.
Am Ende des Scans wird ein Log eingeblendet, poste es bitte.

#8 hier das fix log

Zitat

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04AA1A9F-C015-44AE-9ED6-8616C5DD3446}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04AA1A9F-C015-44AE-9ED6-8616C5DD3446}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
E:\AUTOEXEC.org moved successfully.
E:\AUTOEXECold.bat moved successfully.
E:\AUTOEXEC.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\ not found.
File F:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\ not found.
File F:\RECYCLER\INFO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{285bf2b4-0b2d-11dd-a5ab-0060b3d4930a}\ not found.
File F:\RECYCLER\INFO.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\mounexec:C:\WINDOWS\system32\hostgsvc.dll deleted successfully.
C:\WINDOWS\system32\hostgsvc.dll moved successfully.
SSHNAS removed from NetSvcs value successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anke Heyden
->Temp folder emptied: 39917213 bytes
->Temporary Internet Files folder emptied: 49266 bytes
->Java cache emptied: 14675459 bytes
->FireFox cache emptied: 3773049 bytes
->Flash cache emptied: 18302 bytes

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 245894 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 300 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 409664 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Philipp Nussbächer
->Temp folder emptied: 22576 bytes
->Temporary Internet Files folder emptied: 378952 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2863735 bytes
->Flash cache emptied: 300 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11139219 bytes
RecycleBin emptied: 1482258055 bytes

Total Files Cleaned = 1.484,00 mb


[EMPTYFLASH]

User: All Users

User: Anke Heyden
->Flash cache emptied: 0 bytes

User: Besitzer

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Philipp Nussbächer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10242010_220511

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#9 hier das log des tdss killer

einen threat hat er gefunden. ich wusste nicht, ob ich skippen oder deleten soll?

Zitat

2010/10/24 22:12:33.0046 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/24 22:12:33.0046 ================================================================================
2010/10/24 22:12:33.0046 SystemInfo:
2010/10/24 22:12:33.0046
2010/10/24 22:12:33.0046 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/24 22:12:33.0046 Product type: Workstation
2010/10/24 22:12:33.0046 ComputerName: ANKE
2010/10/24 22:12:33.0046 UserName: Anke Heyden
2010/10/24 22:12:33.0046 Windows directory: C:\WINDOWS
2010/10/24 22:12:33.0046 System windows directory: C:\WINDOWS
2010/10/24 22:12:33.0046 Processor architecture: Intel x86
2010/10/24 22:12:33.0046 Number of processors: 1
2010/10/24 22:12:33.0046 Page size: 0x1000
2010/10/24 22:12:33.0046 Boot type: Normal boot
2010/10/24 22:12:33.0046 ================================================================================
2010/10/24 22:12:37.0421 Initialize success
2010/10/24 22:13:33.0203 ================================================================================
2010/10/24 22:13:33.0203 Scan started
2010/10/24 22:13:33.0203 Mode: Manual;
2010/10/24 22:13:33.0203 ================================================================================
2010/10/24 22:13:33.0781 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/24 22:13:33.0875 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/24 22:13:34.0031 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/24 22:13:34.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/24 22:13:34.0281 AgereSoftModem (c62f5fd87cbc94d6d345c30e8931324c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/10/24 22:13:34.0671 ALCXWDM (9a8aa4df3999bd7c60b90a4e799b1cd0) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/10/24 22:13:35.0187 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/24 22:13:35.0250 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/24 22:13:35.0390 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/24 22:13:35.0515 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/24 22:13:35.0609 AWISp50 (1fb582b783650ad538560e0c279c3078) C:\WINDOWS\system32\Drivers\AWISp50.sys
2010/10/24 22:13:35.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/24 22:13:35.0812 BlueletAudio (534b95fbd867d0512dcb43e6cc1aa91e) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2010/10/24 22:13:35.0875 BlueletSCOAudio (01d1832f2b13dfaf7384884f7c3e0124) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
2010/10/24 22:13:35.0968 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/10/24 22:13:36.0015 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/10/24 22:13:36.0109 BT (d1813668a0117ae05bc0b81c874f91d4) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2010/10/24 22:13:36.0171 Btcsrusb (f7ff961f1b8bd229f94f648889a87b94) C:\WINDOWS\system32\Drivers\btcusb.sys
2010/10/24 22:13:36.0312 BTHidEnum (e69d9e7854095a9c81acee40d766fe2d) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
2010/10/24 22:13:36.0421 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2010/10/24 22:13:36.0531 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/24 22:13:36.0578 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/24 22:13:36.0687 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/24 22:13:36.0765 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/24 22:13:36.0843 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/24 22:13:37.0000 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/24 22:13:37.0109 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/24 22:13:37.0281 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2010/10/24 22:13:37.0406 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2010/10/24 22:13:37.0625 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/24 22:13:37.0781 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/24 22:13:37.0937 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/24 22:13:38.0031 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/24 22:13:38.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/24 22:13:38.0437 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/24 22:13:38.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/24 22:13:38.0890 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/24 22:13:38.0968 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2010/10/24 22:13:39.0046 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2010/10/24 22:13:39.0093 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/24 22:13:39.0250 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/24 22:13:39.0312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/24 22:13:39.0375 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/24 22:13:39.0578 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/24 22:13:39.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/24 22:13:39.0687 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/24 22:13:39.0843 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/24 22:13:39.0953 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/24 22:13:40.0140 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/24 22:13:40.0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/24 22:13:41.0546 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/24 22:13:41.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/24 22:13:43.0078 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/24 22:13:43.0156 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/24 22:13:43.0234 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/24 22:13:43.0281 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/24 22:13:43.0312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/24 22:13:43.0359 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/24 22:13:43.0406 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/24 22:13:43.0468 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/24 22:13:43.0531 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/24 22:13:43.0625 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/24 22:13:43.0703 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/24 22:13:43.0828 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/10/24 22:13:43.0906 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/10/24 22:13:43.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/24 22:13:44.0031 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/24 22:13:44.0078 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/24 22:13:44.0140 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/24 22:13:44.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/24 22:13:44.0281 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/10/24 22:13:44.0390 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/24 22:13:44.0468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/24 22:13:44.0625 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/24 22:13:44.0703 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/24 22:13:44.0750 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/24 22:13:44.0796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/24 22:13:44.0843 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/24 22:13:44.0875 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/24 22:13:44.0921 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/24 22:13:44.0984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/24 22:13:45.0046 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/24 22:13:45.0078 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/24 22:13:45.0140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/24 22:13:45.0187 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/24 22:13:45.0218 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/24 22:13:45.0265 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/24 22:13:45.0312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/24 22:13:45.0359 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/24 22:13:45.0437 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/24 22:13:45.0546 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/24 22:13:45.0656 NTPrime (53df21bd99c9fe4c2d33588039a09032) C:\WINDOWS\system32\drivers\NTPrime.sys
2010/10/24 22:13:45.0750 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
2010/10/24 22:13:45.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/24 22:13:45.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/24 22:13:45.0937 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/24 22:13:46.0046 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/24 22:13:46.0078 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/24 22:13:46.0125 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/24 22:13:46.0171 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/24 22:13:46.0296 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/24 22:13:46.0609 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/24 22:13:46.0656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/24 22:13:46.0703 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/24 22:13:46.0765 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/24 22:13:46.0984 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
2010/10/24 22:13:47.0046 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/24 22:13:47.0109 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/24 22:13:47.0140 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/24 22:13:47.0171 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/24 22:13:47.0218 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/24 22:13:47.0281 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/24 22:13:47.0359 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/24 22:13:47.0421 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/24 22:13:47.0468 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/24 22:13:47.0609 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
2010/10/24 22:13:47.0640 se45mdfl (148e7e813681d3a0a05f09826080cc2b) C:\WINDOWS\system32\DRIVERS\se45mdfl.sys
2010/10/24 22:13:47.0703 se45mdm (b4ce022564d0d3fd7b0e5459aa12aa72) C:\WINDOWS\system32\DRIVERS\se45mdm.sys
2010/10/24 22:13:47.0734 se45mgmt (6d04ea9c049ebd78d64ade447de3f7eb) C:\WINDOWS\system32\DRIVERS\se45mgmt.sys
2010/10/24 22:13:47.0781 se45nd5 (fdc74beaa13a801fac574bc7af1450c4) C:\WINDOWS\system32\DRIVERS\se45nd5.sys
2010/10/24 22:13:47.0828 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
2010/10/24 22:13:47.0859 se45unic (fc7021adb632200da591a55a35a78acc) C:\WINDOWS\system32\DRIVERS\se45unic.sys
2010/10/24 22:13:47.0906 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/24 22:13:47.0984 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/24 22:13:48.0031 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/24 22:13:48.0062 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/10/24 22:13:48.0156 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/24 22:13:48.0265 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/24 22:13:48.0390 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/24 22:13:48.0390 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/10/24 22:13:48.0406 sptd - detected Locked file (1)
2010/10/24 22:13:48.0437 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/24 22:13:48.0578 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/24 22:13:48.0703 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/24 22:13:48.0750 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/24 22:13:48.0843 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/24 22:13:49.0078 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/24 22:13:49.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/24 22:13:49.0265 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/24 22:13:49.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/24 22:13:49.0421 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/24 22:13:49.0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/24 22:13:49.0640 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2010/10/24 22:13:49.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/24 22:13:49.0859 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/24 22:13:49.0968 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/24 22:13:50.0046 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/24 22:13:50.0109 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/24 22:13:50.0187 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/24 22:13:50.0250 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/24 22:13:50.0296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/24 22:13:50.0343 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/24 22:13:50.0421 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/24 22:13:50.0546 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
2010/10/24 22:13:50.0656 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2010/10/24 22:13:50.0734 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/24 22:13:50.0843 viagfx (b83673bc21cc68455603e68110a63029) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2010/10/24 22:13:50.0921 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/24 22:13:50.0968 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/24 22:13:51.0109 W33ND (b79ca5b48ed09ac2ee8592ca30f3d6d8) C:\WINDOWS\system32\DRIVERS\W33ND.SYS
2010/10/24 22:13:51.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/24 22:13:51.0328 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/24 22:13:51.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/24 22:13:51.0687 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/24 22:13:51.0781 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/24 22:13:51.0875 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/24 22:13:52.0187 ================================================================================
2010/10/24 22:13:52.0187 Scan finished
2010/10/24 22:13:52.0187 ================================================================================
2010/10/24 22:13:52.0234 Detected object count: 1
2010/10/24 22:13:55.0000 Locked file(sptd) - User select action: Skip
2010/10/24 22:14:10.0453 ================================================================================
2010/10/24 22:14:10.0453 Scan started
2010/10/24 22:14:10.0453 Mode: Manual;
2010/10/24 22:14:10.0453 ================================================================================
2010/10/24 22:14:11.0031 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/24 22:14:11.0125 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/24 22:14:11.0234 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/24 22:14:11.0328 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/24 22:14:11.0468 AgereSoftModem (c62f5fd87cbc94d6d345c30e8931324c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/10/24 22:14:11.0843 ALCXWDM (9a8aa4df3999bd7c60b90a4e799b1cd0) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/10/24 22:14:12.0203 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/24 22:14:12.0250 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/24 22:14:12.0375 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/24 22:14:12.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/24 22:14:12.0562 AWISp50 (1fb582b783650ad538560e0c279c3078) C:\WINDOWS\system32\Drivers\AWISp50.sys
2010/10/24 22:14:12.0656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/24 22:14:12.0750 BlueletAudio (534b95fbd867d0512dcb43e6cc1aa91e) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2010/10/24 22:14:12.0781 BlueletSCOAudio (01d1832f2b13dfaf7384884f7c3e0124) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
2010/10/24 22:14:12.0843 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/10/24 22:14:12.0890 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/10/24 22:14:12.0984 BT (d1813668a0117ae05bc0b81c874f91d4) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2010/10/24 22:14:13.0031 Btcsrusb (f7ff961f1b8bd229f94f648889a87b94) C:\WINDOWS\system32\Drivers\btcusb.sys
2010/10/24 22:14:13.0109 BTHidEnum (e69d9e7854095a9c81acee40d766fe2d) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
2010/10/24 22:14:13.0203 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2010/10/24 22:14:13.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/24 22:14:13.0312 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/24 22:14:13.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/24 22:14:13.0500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/24 22:14:13.0656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/24 22:14:13.0734 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/24 22:14:13.0843 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/24 22:14:14.0000 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2010/10/24 22:14:14.0093 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2010/10/24 22:14:14.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/24 22:14:14.0375 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/24 22:14:14.0437 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/24 22:14:14.0515 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/24 22:14:14.0593 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/24 22:14:14.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/24 22:14:14.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/24 22:14:14.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/24 22:14:15.0046 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2010/10/24 22:14:15.0125 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2010/10/24 22:14:15.0187 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/24 22:14:15.0250 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/24 22:14:15.0312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/24 22:14:15.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/24 22:14:15.0468 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/24 22:14:15.0546 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/24 22:14:15.0640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/24 22:14:15.0781 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/24 22:14:15.0828 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/24 22:14:15.0890 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/24 22:14:15.0968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/24 22:14:16.0125 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/24 22:14:16.0187 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/24 22:14:16.0375 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/24 22:14:16.0437 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/24 22:14:16.0500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/24 22:14:16.0531 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/24 22:14:16.0578 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/24 22:14:16.0625 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/24 22:14:16.0687 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/24 22:14:16.0781 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/24 22:14:16.0828 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/24 22:14:16.0921 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/24 22:14:17.0000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/24 22:14:17.0156 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/10/24 22:14:17.0250 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/10/24 22:14:17.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/24 22:14:17.0437 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/24 22:14:17.0515 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/24 22:14:17.0562 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/24 22:14:17.0609 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/24 22:14:17.0703 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/10/24 22:14:17.0796 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/24 22:14:17.0890 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/24 22:14:17.0968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/24 22:14:18.0046 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/24 22:14:18.0125 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/24 22:14:18.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/24 22:14:18.0234 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/24 22:14:18.0281 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/24 22:14:18.0359 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/24 22:14:18.0421 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/24 22:14:18.0500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/24 22:14:18.0562 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/24 22:14:18.0609 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/24 22:14:18.0671 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/24 22:14:18.0703 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/24 22:14:18.0750 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/24 22:14:18.0781 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/24 22:14:18.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/24 22:14:18.0937 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/24 22:14:19.0015 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/24 22:14:19.0140 NTPrime (53df21bd99c9fe4c2d33588039a09032) C:\WINDOWS\system32\drivers\NTPrime.sys
2010/10/24 22:14:19.0218 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
2010/10/24 22:14:19.0312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/24 22:14:19.0375 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/24 22:14:19.0437 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/24 22:14:19.0546 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/24 22:14:19.0593 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/24 22:14:19.0640 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/24 22:14:19.0703 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/24 22:14:19.0890 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/24 22:14:20.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/24 22:14:20.0375 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/24 22:14:20.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/24 22:14:20.0515 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/24 22:14:20.0812 QV2KUX (0087f01d35a65b32393cc8bba46ee4a6) C:\WINDOWS\system32\DRIVERS\qv2kux.sys
2010/10/24 22:14:20.0875 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/24 22:14:20.0953 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/24 22:14:21.0000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/24 22:14:21.0046 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/24 22:14:21.0093 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/24 22:14:21.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/24 22:14:21.0265 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/24 22:14:21.0343 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/24 22:14:21.0406 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/24 22:14:21.0562 se45bus (531ebc57db331c8500c042d9f8a6aef2) C:\WINDOWS\system32\DRIVERS\se45bus.sys
2010/10/24 22:14:21.0593 se45mdfl (148e7e813681d3a0a05f09826080cc2b) C:\WINDOWS\system32\DRIVERS\se45mdfl.sys
2010/10/24 22:14:21.0640 se45mdm (b4ce022564d0d3fd7b0e5459aa12aa72) C:\WINDOWS\system32\DRIVERS\se45mdm.sys
2010/10/24 22:14:21.0687 se45mgmt (6d04ea9c049ebd78d64ade447de3f7eb) C:\WINDOWS\system32\DRIVERS\se45mgmt.sys
2010/10/24 22:14:21.0734 se45nd5 (fdc74beaa13a801fac574bc7af1450c4) C:\WINDOWS\system32\DRIVERS\se45nd5.sys
2010/10/24 22:14:21.0781 se45obex (5e003693822460d37516d9a262de9e11) C:\WINDOWS\system32\DRIVERS\se45obex.sys
2010/10/24 22:14:21.0828 se45unic (fc7021adb632200da591a55a35a78acc) C:\WINDOWS\system32\DRIVERS\se45unic.sys
2010/10/24 22:14:21.0890 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/24 22:14:21.0984 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/24 22:14:22.0062 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/24 22:14:22.0109 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/10/24 22:14:22.0234 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/24 22:14:22.0328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/24 22:14:22.0453 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/24 22:14:22.0453 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/10/24 22:14:22.0468 sptd - detected Locked file (1)
2010/10/24 22:14:22.0500 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/24 22:14:22.0609 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/24 22:14:22.0703 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/24 22:14:22.0750 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/24 22:14:22.0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/24 22:14:23.0046 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/24 22:14:23.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/24 22:14:23.0250 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/24 22:14:23.0312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/24 22:14:23.0375 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/24 22:14:23.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/24 22:14:23.0609 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2010/10/24 22:14:23.0687 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/24 22:14:23.0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/24 22:14:23.0906 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/24 22:14:23.0984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/24 22:14:24.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/24 22:14:24.0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/24 22:14:24.0203 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/24 22:14:24.0250 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/24 22:14:24.0281 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/24 22:14:24.0343 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/24 22:14:24.0421 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
2010/10/24 22:14:24.0468 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2010/10/24 22:14:24.0515 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/24 22:14:24.0609 viagfx (b83673bc21cc68455603e68110a63029) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2010/10/24 22:14:24.0671 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/24 22:14:24.0734 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/24 22:14:24.0859 W33ND (b79ca5b48ed09ac2ee8592ca30f3d6d8) C:\WINDOWS\system32\DRIVERS\W33ND.SYS
2010/10/24 22:14:24.0921 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/24 22:14:25.0078 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/24 22:14:25.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/24 22:14:25.0421 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/24 22:14:25.0500 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/24 22:14:25.0546 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/24 22:14:25.0890 ================================================================================
2010/10/24 22:14:25.0890 Scan finished
2010/10/24 22:14:25.0890 ================================================================================
2010/10/24 22:14:25.0921 Detected object count: 1
2010/10/24 22:14:56.0625 Locked file(sptd) - User select action: Skip

#10 Das ist ok so - das ist von Daemon Tools. Nun noch RootRepeal.

#11 hier das Log von rootrepeal

Zitat

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/24 22:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3A0A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BEE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP8034
Image Path: \Driver\PCI_PNP8034
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEEE9A000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spkc.sys
Image Path: spkc.sys
Address: 0xF7549000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spkc.sys" at address 0xf754a0e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spkc.sys" at address 0xf7568ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spkc.sys" at address 0xf7569030

#: 119 Function Name: NtOpenKey
Status: Hooked by "spkc.sys" at address 0xf754a0c0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spkc.sys" at address 0xf7569108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spkc.sys" at address 0xf7568f88

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spkc.sys" at address 0xf756919a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x84f741f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x84973500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x84e351f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x84e351f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84e351f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84e351f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x84e351f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84e351f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x84e351f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CREATE]
Process: System Address: 0x84c6a3a8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CLOSE]
Process: System Address: 0x84c6a3a8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84c6a3a8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84c6a3a8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_POWER]
Process: System Address: 0x84c6a3a8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84c6a3a8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_PNP]
Process: System Address: 0x84c6a3a8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x84c7c500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x84f771f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x84a4a500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x84a4a500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84a4a500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84a4a500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x84a4a500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x84a4a500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x84e341f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x84e341f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84e341f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84e341f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x84e341f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84e341f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x84e341f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x849fa500 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_CREATE]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_CLOSE]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_READ]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_CLEANUP]
Process: System Address: 0x8498f1f8 Size: 121

Object: Hidden Code [Driver: CdfsЅఄ䵃
�뽒, IRP_MJ_PNP]
Process: System Address: 0x8498f1f8 Size: 121

==EOF==

#12 Ok,

arbeite bitte diese Anleitung ab und poste das Log:
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

#13 so, hier das Log von Combofix.

es zeigte an, dass sohl antivir als auch security essentials von Microsoft aktiv sind. Dies kann nicht sein, da ich Antivir bereits vor Jahren deinstalliert habe.
Außerdem sagte CF, dass der PC keine Wiederherstellungskonsole hat, was auch nicht stimmt.

Wahrscheinlich ist das aber gar nicht so wichtig.

Zitat

ComboFix 10-10-23.02 - Anke Heyden 24.10.2010 22:53:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.447.105 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Anke Heyden\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00DB-0D24-347CA8A3377C}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((( Dateien erstellt von 2010-09-24 bis 2010-10-24 ))))))))))))))))))))))))))))))
.

2010-10-24 20:05 . 2010-10-24 20:05 -------- d-----w- C:\_OTL
2010-10-24 18:58 . 2010-10-24 18:58 -------- d-----w- c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Malwarebytes
2010-10-24 18:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-24 18:58 . 2010-10-24 18:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-24 18:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-24 18:58 . 2010-10-24 18:58 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-10-24 13:05 . 2010-10-07 23:21 6146896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{21C1D35E-8BEE-4ABD-A176-888FD759AE57}\mpengine.dll
2010-10-23 16:30 . 2010-10-23 16:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GoldWave
2010-10-23 16:25 . 2010-10-23 16:25 -------- d-----w- c:\programme\GoldWave
2010-10-14 20:21 . 2010-09-18 06:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 20:21 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 16:24 . 2010-10-19 06:38 -------- d-----w- c:\programme\XMind

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-09-21 14:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-09-22 06:11 6146896 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-18 10:22 . 2005-07-04 23:01 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2005-07-04 23:01 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2005-07-04 23:01 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2005-07-04 23:01 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:32 . 2005-07-04 23:02 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:32 . 2005-07-04 23:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:32 . 2005-07-04 23:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:32 . 2005-07-04 23:01 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2005-07-04 23:01 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:50 . 2005-07-04 23:01 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2005-07-04 23:02 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2005-07-04 23:02 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2005-07-04 23:02 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2005-07-04 23:02 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2005-07-04 23:01 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-07-04 23:02 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2005-07-04 23:02 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"EvtMgr6"="c:\programme\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"OSD"="c:\programme\OSD\OSD.EXE" [2005-01-24 180224]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2005-05-27 310272]
"MSSE"="c:\programme\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

c:\dokumente und einstellungen\Anke Heyden\Startmen�\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Anke Heyden^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Anke Heyden\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\programme\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-23 23:06 487424 ----a-r- c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Dokumente und Einstellungen\\Anke Heyden\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programme\\Trillian\\trillian.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Dokumente und Einstellungen\\Anke Heyden\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Microsoft Office10\\Office14\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office10\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\Microsoft Office10\\Office14\\OUTLOOK.EXE"=

R2 AWISp50;AWISp50 NDIS Protocol Driver;c:\windows\system32\drivers\AWISp50.sys [11.11.2008 20:26 17664]
R2 NTPrime;NTPrime;c:\windows\system32\drivers\NTPrime.sys [14.10.2005 21:05 4608]
R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver;c:\windows\system32\drivers\W33ND.SYS [21.01.2004 07:56 124160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programme\Microsoft Office10\Office14\GROOVE.EXE [25.03.2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.03.2010 14:11 717296]
.
Inhalt des "geplante Tasks" Ordners

2010-10-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MI8FAC~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI8FAC~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Mozilla\Firefox\Profiles\x77j6xjw.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\progra~1\MI8FAC~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MI8FAC~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\qttask.exe
MSConfigStartUp-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-MediaManager - c:\dokumente und einstellungen\Anke Heyden\Eigene Dateien\Anke\Referendariat\Dollinger Realschule\MediaManager-LMZ\MediaManager deinstallieren.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 23:04
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(2536)
c:\dokumente und einstellungen\Anke Heyden\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\GEMEIN~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI8FAC~1\Office14\1031\GrooveIntlResource.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Essentials\MsMpEng.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\SOUNDMAN.EXE
c:\programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\logon.scr
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-24 23:10:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-10-24 21:10

Vor Suchlauf: 7 Verzeichnis(se), 17.533.415.424 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 17.408.380.928 Bytes frei

- - End Of File - - CBE6B7725F1EDDA2F4989FE44F2C06D6

#14 Jo, kann schon mal vorkommen. Kommen wir zum Abschluß

1. Panda ActiveScan2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/

Klicke auf Scan your PC now
Wähle Schneller Scan, klicke auf Jetzt scannen und folge den Anweisungen.
Am Ende des Scans wird eine Ergebnisseite angezeigt, oben rechts kann man die Ergebnisse in eine Textdatei speichern (Export In: ). Den Inhalt der Datei bitte posten.

2. Mache bitte einen Vollscan mit Deinem AV-Programm. Wird dann wohl Microsoft Security Essentials sein.

3. Kontrollscan mit OTL: Starte bitte OTL, klicke auf Quick Scan und poste die OTL.txt (Extras.txt wird diesmal nicht benötigt).

4. Wie geht es dem Rechner?

#15 bei Panda konnte ich oben rechts nichts speichern.

Die einzigen Ergebnisse, die ich fand warend diese:

Zitat

Zusammenfassung Ihres letzten Scans:
25.10.2010 23:19:41
Ergebnisse: Keine Viren/keine Spyware erkannt.
Verdächtige Elemente: Keine verdächtigen Dateien erkannt.
Schwachstellen: Keine Schwachstellen erkannt.