
Pests of all kinds and how to fight them: TDSS reinstalls itself after uninstall and reboot


07.05.2010, 18:46   #1
SonRevan
 
TDSS reinstalls itself after uninstall and reboot



Hello everyone,

I have the problem that my Norton constantly complains about svchost and my firefox.exe:
"Https Tidserv Request" or also "Https Tidserv Request 2"
All of these actions are blocked.

Here is what I have already tried:
- Used CCleaner as described here in the forum.
- Ran Malwarebytes Anti-Malware in quick and full scan mode and deleted everything that was found
Here is my log for that (full scan):
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4074

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

07.05.2010 15:12:07
mbam-log-2010-05-07 (15-12-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 266903
Laufzeit: 1 Stunde(n), 7 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
- Ran TDSSKiller.exe, which does find something, but after the reboot the problem unfortunately persists.
Here is the log file:
Code:
15:41:22:609 2992	TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
15:41:22:609 2992	================================================================================
15:41:22:609 2992	SystemInfo:

15:41:22:609 2992	OS Version: 5.1.2600 ServicePack: 3.0
15:41:22:609 2992	Product type: Workstation
15:41:22:609 2992	ComputerName: ***
15:41:22:609 2992	UserName: ***
15:41:22:609 2992	Windows directory: C:\WINDOWS
15:41:22:609 2992	Processor architecture: Intel x86
15:41:22:609 2992	Number of processors: 2
15:41:22:609 2992	Page size: 0x1000
15:41:22:609 2992	Boot type: Normal boot
15:41:22:609 2992	================================================================================
15:41:22:609 2992	UnloadDriverW: NtUnloadDriver error 2
15:41:22:609 2992	ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:41:23:343 2992	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:41:23:343 2992	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:23:343 2992	wfopen_ex: Trying to KLMD file open
15:41:23:343 2992	wfopen_ex: File opened ok (Flags 2)
15:41:23:343 2992	wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:41:23:343 2992	wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:41:23:343 2992	wfopen_ex: Trying to KLMD file open
15:41:23:343 2992	wfopen_ex: File opened ok (Flags 2)
15:41:23:343 2992	Initialize success
15:41:23:343 2992	
15:41:23:343 2992	Scanning	Services ...
15:41:24:171 2992	Raw services enum returned 397 services
15:41:24:187 2992	
15:41:24:187 2992	Scanning	Kernel memory ...
15:41:24:187 2992	Devices to scan: 10
15:41:24:187 2992	
15:41:24:187 2992	Driver Name: Disk
15:41:24:187 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:187 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:187 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:187 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:187 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:187 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:187 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:187 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:187 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:187 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:187 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:187 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:187 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:187 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:187 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:187 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:187 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:187 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:187 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:187 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:187 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:187 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:187 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:187 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:187 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:187 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:187 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:203 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:203 2992	
15:41:24:203 2992	Driver Name: Disk
15:41:24:203 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:203 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:203 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:203 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:203 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:203 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:203 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:203 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:203 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:203 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:203 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:203 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:203 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:203 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:203 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:203 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:203 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:203 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:203 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:203 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:203 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:203 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:203 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:203 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:203 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:203 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:203 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:218 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992	
15:41:24:218 2992	Driver Name: Disk
15:41:24:218 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:218 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:218 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:218 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:218 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:218 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:218 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:218 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:218 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:218 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:218 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:218 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:218 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:218 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:218 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:218 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:218 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:218 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:218 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:218 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:218 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:218 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:218 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992	
15:41:24:218 2992	Driver Name: Disk
15:41:24:218 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:218 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:218 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:218 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:218 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:218 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:218 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:218 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:218 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:218 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:218 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:218 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:218 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:218 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:218 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:218 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:218 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:218 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:218 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:218 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:218 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:218 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:218 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:218 2992	
15:41:24:218 2992	Driver Name: Disk
15:41:24:218 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:218 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:218 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:218 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:218 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:218 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:218 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:218 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:218 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:218 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:218 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:218 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:218 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:218 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:218 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:218 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:218 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:218 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:218 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:218 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:218 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:218 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:218 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:218 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:234 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:234 2992	
15:41:24:234 2992	Driver Name: Disk
15:41:24:234 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:234 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:234 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:234 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:234 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:234 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:234 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:234 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:234 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:234 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:234 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:234 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:234 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:234 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:234 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:234 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:234 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:234 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:234 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:234 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:234 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:234 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:234 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:234 2992	
15:41:24:234 2992	Driver Name: Disk
15:41:24:234 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:234 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:234 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:234 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:234 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:234 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:234 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:234 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:234 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:234 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:234 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:234 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:234 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:234 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:234 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:234 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:234 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:234 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:234 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:234 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:234 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:234 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:234 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:234 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:250 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:250 2992	
15:41:24:250 2992	Driver Name: Disk
15:41:24:250 2992	IRP_MJ_CREATE                      : B810EBB0
15:41:24:250 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:250 2992	IRP_MJ_CLOSE                       : B810EBB0
15:41:24:250 2992	IRP_MJ_READ                        : B8108D1F
15:41:24:250 2992	IRP_MJ_WRITE                       : B8108D1F
15:41:24:250 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:250 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:250 2992	IRP_MJ_FLUSH_BUFFERS               : B81092E2
15:41:24:250 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:250 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:250 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:250 2992	IRP_MJ_DEVICE_CONTROL              : B81093BB
15:41:24:250 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B810CF28
15:41:24:250 2992	IRP_MJ_SHUTDOWN                    : B81092E2
15:41:24:250 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:250 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:250 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:250 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:250 2992	IRP_MJ_POWER                       : B810AC82
15:41:24:250 2992	IRP_MJ_SYSTEM_CONTROL              : B810F99E
15:41:24:250 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:250 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:250 2992	C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
15:41:24:250 2992	
15:41:24:250 2992	Driver Name: atapi
15:41:24:250 2992	IRP_MJ_CREATE                      : B7F146F2
15:41:24:250 2992	IRP_MJ_CREATE_NAMED_PIPE           : 804F4562
15:41:24:250 2992	IRP_MJ_CLOSE                       : B7F146F2
15:41:24:250 2992	IRP_MJ_READ                        : 804F4562
15:41:24:250 2992	IRP_MJ_WRITE                       : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_INFORMATION           : 804F4562
15:41:24:250 2992	IRP_MJ_SET_INFORMATION             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_EA                    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_EA                      : 804F4562
15:41:24:250 2992	IRP_MJ_FLUSH_BUFFERS               : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 804F4562
15:41:24:250 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 804F4562
15:41:24:250 2992	IRP_MJ_DIRECTORY_CONTROL           : 804F4562
15:41:24:250 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 804F4562
15:41:24:250 2992	IRP_MJ_DEVICE_CONTROL              : B7F14712
15:41:24:250 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : B7F10852
15:41:24:250 2992	IRP_MJ_SHUTDOWN                    : 804F4562
15:41:24:250 2992	IRP_MJ_LOCK_CONTROL                : 804F4562
15:41:24:250 2992	IRP_MJ_CLEANUP                     : 804F4562
15:41:24:250 2992	IRP_MJ_CREATE_MAILSLOT             : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_SECURITY              : 804F4562
15:41:24:250 2992	IRP_MJ_SET_SECURITY                : 804F4562
15:41:24:250 2992	IRP_MJ_POWER                       : B7F1473C
15:41:24:250 2992	IRP_MJ_SYSTEM_CONTROL              : B7F1B336
15:41:24:250 2992	IRP_MJ_DEVICE_CHANGE               : 804F4562
15:41:24:250 2992	IRP_MJ_QUERY_QUOTA                 : 804F4562
15:41:24:250 2992	IRP_MJ_SET_QUOTA                   : 804F4562
15:41:24:265 2992	C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
15:41:24:265 2992	
15:41:24:265 2992	Driver Name: atapi
15:41:24:265 2992	IRP_MJ_CREATE                      : 8A331EE4
15:41:24:265 2992	IRP_MJ_CREATE_NAMED_PIPE           : 8A331EE4
15:41:24:265 2992	IRP_MJ_CLOSE                       : 8A331EE4
15:41:24:265 2992	IRP_MJ_READ                        : 8A331EE4
15:41:24:265 2992	IRP_MJ_WRITE                       : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_INFORMATION           : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_INFORMATION             : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_EA                    : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_EA                      : 8A331EE4
15:41:24:265 2992	IRP_MJ_FLUSH_BUFFERS               : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_VOLUME_INFORMATION    : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_VOLUME_INFORMATION      : 8A331EE4
15:41:24:265 2992	IRP_MJ_DIRECTORY_CONTROL           : 8A331EE4
15:41:24:265 2992	IRP_MJ_FILE_SYSTEM_CONTROL         : 8A331EE4
15:41:24:265 2992	IRP_MJ_DEVICE_CONTROL              : 8A331EE4
15:41:24:265 2992	IRP_MJ_INTERNAL_DEVICE_CONTROL     : 8A331EE4
15:41:24:265 2992	IRP_MJ_SHUTDOWN                    : 8A331EE4
15:41:24:265 2992	IRP_MJ_LOCK_CONTROL                : 8A331EE4
15:41:24:265 2992	IRP_MJ_CLEANUP                     : 8A331EE4
15:41:24:265 2992	IRP_MJ_CREATE_MAILSLOT             : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_SECURITY              : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_SECURITY                : 8A331EE4
15:41:24:265 2992	IRP_MJ_POWER                       : 8A331EE4
15:41:24:265 2992	IRP_MJ_SYSTEM_CONTROL              : 8A331EE4
15:41:24:265 2992	IRP_MJ_DEVICE_CHANGE               : 8A331EE4
15:41:24:265 2992	IRP_MJ_QUERY_QUOTA                 : 8A331EE4
15:41:24:265 2992	IRP_MJ_SET_QUOTA                   : 8A331EE4
15:41:24:265 2992	Driver "atapi" infected by TDSS rootkit!
15:41:24:281 2992	C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
15:41:24:281 2992	File "C:\WINDOWS\system32\drivers\atapi.sys" infected by TDSS rootkit ...
15:41:24:281 2992	Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
15:41:24:281 2992	ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
15:41:24:375 2992	vfvi6
15:41:24:453 2992	!dsvbh1
15:41:25:687 2992	dsvbh2
15:41:25:687 2992	fdfb2
15:41:25:687 2992	Backup copy found, using it..
15:41:25:781 2992	will be cured on next reboot
15:41:25:781 2992	Reboot required for cure complete..
15:41:25:812 2992	Cure on reboot scheduled successfully
15:41:25:812 2992	
15:41:25:812 2992	Completed
15:41:25:812 2992	
15:41:25:812 2992	Results:
15:41:25:812 2992	Memory objects infected / cured / cured on reboot:	1 / 0 / 0
15:41:25:812 2992	Registry objects infected / cured / cured on reboot:	0 / 0 / 0
15:41:25:812 2992	File objects infected / cured / cured on reboot:	1 / 0 / 1
15:41:25:812 2992	
15:41:25:812 2992	fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:41:25:812 2992	fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:41:25:812 2992	UnloadDriverW: NtUnloadDriver error 1
15:41:25:812 2992	KLMD(ARK) unloaded successfully
         
- Ran Norman TDSS Cleaner, which apparently finds nothing and keeps wanting to restart the system until I cancel.
Here is the log file:
Code:
Norman TDSS Cleaner
Version 1.9.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/04/27 16:10:07

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/04/27 16:10:07, Variants: 55720

Scan started: 07/05/2010 15:49:53

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: PC-Name\Benutzer


Running anti-TDSS module:

TDSS/TDL3 Rootkit Detected
Infected driver successfully cured
Reboot required to complete rootkit disinfection


Running post-scan cleanup routine:

Number of files found: 0
Number of archives unpacked: 0
Number of files scanned: 0
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1m 39s
         
- Norton full system scan, shows no results
- Ran Spybot S&D -> no spyware found
- Ran RSIT
Log.txt
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Benutzer at 2010-05-07 18:25:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (61%) free of 51 GB
Total RAM: 2030 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:25:33, on 07.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\idt\intelxpv_v103\wdm\STacSV.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Logitech\Easy Synchronization\servicestub.exe
C:\Programme\MagicTune Premium\MagicTuneEngine.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
d:\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\iTunes\iTunesHelper.exe
C:\Programme\IDT\WDM\sttray.exe
C:\Programme\Citrix\ICA Client\concentr.exe
D:\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\Citrix\ICA Client\wfcrun32.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\MagicTune Premium\GammaTray.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\MagicTune Premium\MagicTune.exe
C:\Dokumente und Einstellungen\Markus\Desktop\RSIT.exe
C:\Programme\trend micro\Markus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heise.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Programme\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "d:\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.50\is\PhysX_9.09.0203_SystemSoftware.exe" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262193160640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262197682203
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECF2FB7-7C81-4A11-BAE4-FAF9D9E207EA}: NameServer = 212.114.152.1,212.114.153.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Programme\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - d:\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\programme\idt\intelxpv_v103\wdm\STacSV.exe

--
End of file - 10429 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Programme\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}]
SnapFlash Class - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll [2002-12-03 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Easy Synchronization"=C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=D:\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SysTrayApp"=C:\Programme\IDT\WDM\sttray.exe [2009-03-12 483422]
"ConnectionCenter"=C:\Programme\Citrix\ICA Client\concentr.exe [2009-09-12 103768]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"=C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe [2005-10-05 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=d:\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
GammaTray.lnk - C:\Programme\MagicTune Premium\GammaTray.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"=C:\Programme\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 69632]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"=C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA"
"D:\ICQ6.5\ICQ.exe"="D:\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Curse\CurseClient.exe"="D:\Curse\CurseClient.exe:*:Enabled:Curse Client"
"E:\Celetania\Celetania.exe"="E:\Celetania\Celetania.exe:*:Enabled:Celetania"
"D:\Sony Ericsson Media Manager\MediaManager.exe"="D:\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\iTunes\iTunes.exe"="D:\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\appleJuice\gui\AJCoreGUI.exe"="D:\appleJuice\gui\AJCoreGUI.exe:*:Enabled:appleJuice Client (GUI)"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df6cc934-1e2a-11df-bbb6-0019d1463bec}]
shell\AutoRun\command - M:\DPFMate.exe


======List of files/folders created in the last 1 months======

2010-05-07 15:45:51 ----A---- C:\TDSSKiller.2.2.8.1_07.05.2010_15.45.51_log.txt
2010-05-07 15:41:22 ----A---- C:\TDSSKiller.2.2.8.1_07.05.2010_15.41.22_log.txt
2010-05-06 22:14:56 ----A---- C:\TDSSKiller.2.2.8.1_06.05.2010_22.14.56_log.txt
2010-05-06 21:44:08 ----D---- C:\rsit
2010-05-06 21:44:08 ----D---- C:\Programme\trend micro
2010-05-06 20:30:28 ----A---- C:\TDSSKiller.2.2.8.1_06.05.2010_20.30.28_log.txt
2010-05-06 00:17:28 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Malwarebytes
2010-05-06 00:17:20 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-06 00:17:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-06 00:09:06 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Uniblue
2010-05-06 00:09:00 ----D---- C:\Programme\Uniblue
2010-05-05 23:57:06 ----A---- C:\TDSSKiller.2.2.8.1_05.05.2010_23.57.06_log.txt
2010-05-05 23:46:05 ----A---- C:\TDSSKiller.2.2.8.1_05.05.2010_23.46.05_log.txt
2010-05-05 20:55:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-05-05 20:39:57 ----RASHOT---- C:\WINDOWS\winstart.bat
2010-05-05 20:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-05 20:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-05-05 20:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-05-05 20:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-05 20:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-05 20:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-05 20:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-05 20:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-05 20:28:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-05-05 20:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-05 20:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-05-05 20:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-05 20:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-05 20:27:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-05 20:27:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-05-05 20:27:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-05 20:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-05 20:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-05 20:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-05 20:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-05-05 20:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-05 20:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-05 20:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-05 20:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-05 20:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-05 20:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-05-05 20:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-05-05 20:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-05-05 20:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-05-05 20:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-05-05 20:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-05 20:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-05-05 20:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-05-05 20:23:04 ----SHD---- C:\Config.Msi
2010-05-05 20:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-05-05 20:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-05-05 20:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-05-05 20:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-05-05 20:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-05-05 20:21:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-05-05 20:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-05-05 20:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-05-05 20:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-05-05 20:20:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-05-05 20:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-05-05 20:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-05-05 20:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-05-05 20:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-05-05 20:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-05-05 20:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-05-05 20:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-05-05 20:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-05-05 20:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-05-05 20:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-05-05 20:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-05-05 20:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-05-05 20:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-05-05 20:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-05-05 20:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-05-05 20:18:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-05-05 20:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-05-05 20:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-05-05 20:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-05-05 20:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-05-05 20:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-05-05 20:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-05-05 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-05-05 20:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-05-05 20:16:57 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-05-05 17:38:09 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-05-05 17:38:09 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-04-26 20:02:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix

======List of files/folders modified in the last 1 months======

2010-05-07 17:24:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-07 16:44:39 ----D---- C:\WINDOWS\Temp
2010-05-07 15:54:02 ----D---- C:\WINDOWS\Prefetch
2010-05-07 15:51:57 ----D---- C:\WINDOWS\system32
2010-05-07 15:51:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-07 15:50:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-07 15:50:03 ----D---- C:\WINDOWS\system32\drivers
2010-05-07 15:49:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-07 15:47:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-07 15:44:15 ----D---- C:\WINDOWS
2010-05-07 13:54:06 ----D---- C:\WINDOWS\Debug
2010-05-07 13:53:29 ----D---- C:\Programme\CCleaner
2010-05-06 22:42:32 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Skype
2010-05-06 21:44:08 ----RD---- C:\Programme
2010-05-06 21:36:09 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\skypePM
2010-05-06 20:48:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-06 17:47:55 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-06 17:47:41 ----RSD---- C:\WINDOWS\assembly
2010-05-06 17:23:40 ----D---- C:\WINDOWS\system32\Restore
2010-05-06 17:23:00 ----D---- C:\Programme\Spybot - Search & Destroy
2010-05-06 00:29:34 ----SHD---- C:\System Volume Information
2010-05-06 00:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2010-05-06 00:03:22 ----HD---- C:\WINDOWS\inf
2010-05-05 20:56:20 ----SHD---- C:\WINDOWS\Installer
2010-05-05 20:55:53 ----D---- C:\WINDOWS\Help
2010-05-05 20:55:53 ----D---- C:\Programme\NVIDIA Corporation
2010-05-05 20:54:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-05 20:51:33 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-05 20:47:24 ----D---- C:\Programme\XP-Clean Speed
2010-05-05 20:33:37 ----D---- C:\WINDOWS\system32\wbem
2010-05-05 20:33:37 ----D---- C:\WINDOWS\AppPatch
2010-05-05 20:28:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-05 20:27:57 ----D---- C:\Programme\Movie Maker
2010-05-05 20:26:46 ----D---- C:\WINDOWS\WinSxS
2010-05-05 20:21:13 ----D---- C:\Programme\Outlook Express
2010-05-05 20:19:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-05 20:18:10 ----D---- C:\Programme\Messenger
2010-05-05 17:26:09 ----SD---- C:\WINDOWS\Tasks
2010-04-26 20:02:17 ----D---- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\ICAClient
2010-04-26 20:02:03 ----D---- C:\Programme\Citrix
2010-04-26 19:47:12 ----RD---- C:\Programme\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2010-02-04 482432]
R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100429.001\IDSxpx86.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS [2009-08-22 217136]
R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys []
R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
R3 BENDER;Pinnacle AV/DV2 Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-07-09 180480]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2004-10-28 17024]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-10-28 30299]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-10-28 44003]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-04 241296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-07-29 43392]
R3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25856]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-01-17 13184]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288]
R3 NAVENG;NAVENG; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100506.025\NAVEX15.SYS []
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS [2009-08-22 36400]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-10-05 18167]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-10-28 54488]
S3 catchme;catchme; \??\C:\cf\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2007-01-03 27536]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
S3 skfilt;skfilt; C:\WINDOWS\system32\drivers\skfilt.sys [2008-02-12 1670016]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-10-05 47104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-10-28 163840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-01-17 153376]
R2 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
R2 Logitech Easy Synchronization;Logitech Easy Synchronization; C:\Programme\Logitech\Easy Synchronization\servicestub.exe [2005-10-05 65536]
R2 MagicTuneEngine;MagicTuneEngine; C:\Programme\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 Norton AntiVirus;Norton AntiVirus; C:\Programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 OMSI download service;Sony Ericsson OMSI download service; d:\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 STacSV;Audio Service; c:\programme\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2009-08-20 73728]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Alt 07.05.2010, 18:48   #2
SonRevan

Here is the info.txt as well

Code:
ATTFilter
info.txt logfile of random's system information tool 1.06 2010-05-07 18:25:35

======Uninstall list======

-->"C:\Programme\Creative\USB Headsets\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALLa
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALLa
-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /X{8548A86C-3FCE-4019-88EE-A52820207988}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AddOn Studio for World of Warcraft-->MsiExec.exe /I{DE0F56E1-F6E1-44D6-B568-A592C800404D}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
appleJuice Client-->"d:\appleJuice\unins000.exe"
Astroburn Lite-->D:\Programme\Astroburn Lite\uninst.exe
Avanquest update-->"C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0007 -removeonly
BLASC 2.0-->D:\buffed\UnInstaller.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother P-touch Address Book 1.0-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{98E9B724-0E62-4812-B6CC-C6A228BBC562} 
Brother P-touch Editor 4.2-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{003447F5-0058-4B77-9C1E-50488F77C4A7} 
Brother QL-Series User's Guide-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7CCC6E23-0E35-480B-8F0C-8D06F882D5D3} 
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CDex extraction audio-->"D:\CDex_170b2\uninstall.exe"
Celetania-->E:\Celetania\uninst.exe
Citrix Online Plug-in - Web-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpress.exe /uninstall /cleanup
Citrix Online Plug-in (DV)-->MsiExec.exe /I{CF53CF7C-D996-43EB-9904-DBED57C25625}
Citrix Online Plug-in (HDX)-->MsiExec.exe /I{812424AC-A8B5-44E6-8D48-07E939D1AD9A}
Citrix Online Plug-in (USB)-->MsiExec.exe /I{55392E52-1AAD-44C4-BE49-258FFE72434F}
Citrix Online Plug-in (Web)-->MsiExec.exe /I{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7  /remove
Creative Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7  /remove
Creative USB Headsets-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5B3A354B-C059-4861-A85B-CA46F1089E15}\SETUP.EXE" -l0x7  /remove
Crimson Editor (remove only)-->D:\Crimson Editor\uninstall.exe
Curse Client-->D:\Curse\uninstall.exe
Dark Basic Professional Trial-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D472BD7-7600-49E7-81AA-1930DC671E01}\Setup.exe" -l0x9 
DivX Codec-->D:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
DVD Decrypter (Remove Only)-->"D:\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"D:\DVD Shrink\unins000.exe"
FlashCatcher-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{867AE74B-855F-4ABD-BCA1-7B4C0ECF2DD9}\setup.exe" 
Free FLV Converter V 6.7-->"D:\Free FLV Converter\unins000.exe"
GIMP 2.4.6-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Gitarrero Beginner 1.01 Demo-->D:\GitarreroDemo\unins000.exe
Hollywood FX 5.5 Additional Effects-->C:\WINDOWS\unvise32.exe D:\Pinnacle\Hollywood FX for Studio\5.5\unextralog
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Fotodruck-Programm-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Programme\Hewlett-Packard\Photo Printing\hpiunPC.dll
hp psc 900 series-->C:\WINDOWS\system32\hpocon09.exe /u 1206278301 /d "hp psc 900 series"
HP Share-to-Web-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe"  --MAIN -l7
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) Network Connections 14.0.40.0-->MsiExec.exe /i{888019C0-54D4-40C2-9274-27B9DAB17017} ARPREMOVE=1
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
jv16 PowerTools 2009-->"C:\Programme\jv16 PowerTools 2009\unins000.exe"
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LightScribe System Software-->MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
MagicTune Premium-->C:\Programme\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
MetaFrame Presentation Server Webclient für Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{09298F26-A95C-31E2-9D95-2C60F586F075}
Microsoft Visual Studio Shell 2008 - ENU-->MsiExec.exe /I{97E3C3BF-76AC-4DEA-BF8A-434F1EA5F272}
Mobile Phone Suite Easy Synchronization-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x7 
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6.3)-->D:\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nero 9 Trial-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus-->C:\Programme\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.8.0.41\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
NVIDIA Texture Tools 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8D06241-617C-42AB-B9C7-D9BA5A377D10}\setup.exe" -l0x9 
Pacific Poker-->D:\PROGRA~1\PACIFI~1\UNWISE.EXE D:\PROGRA~1\PACIFI~1\INSTALL.LOG
Pinnacle device drivers-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F866D37-22D0-435D-94F1-31A64D566D0E}\Setup.exe" -l0x7 
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe D:\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
proDAD Heroglyph 1.0-->"C:\Programme\proDAD\Heroglyph-1.0\uninstall.exe" uninstall spcp
ProtectDisc Helper Driver 10-->C:\Programme\ProtectDisc Driver Installer\uninstall_v10.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Runes of Magic-->"E:\Runes of Magic\unins000.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} 
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}
Sony Ericsson PC Suite 6.009.00-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0007 -removeonly
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x7  UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x7  UNINSTALL
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->D:\Teamspeak2_RC2\unins000.exe
TMPGEnc 4.0 XPress-->MsiExec.exe /I{EC62A668-2E2D-46F9-A999-0812F1699245}
Uniblue RegistryBooster-->"C:\Programme\Uniblue\RegistryBooster\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6f-->d:\VideoLAN\VLC\uninstall.exe
Warhammer Online - Age of Reckoning-->"E:\Warhammer Online - Age of Reckoning\unins000.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->D:\WinRAR\uninstall.exe
World of Warcraft-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XnView 1.96-->"C:\Programme\XnView\unins000.exe"
XP-Clean Speed-->MsiExec.exe /I{E5ADAEB8-000D-428B-A2A7-C43A789D4705}

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AV: Norton AntiVirus

======System event log======

Computer Name: PC-Name
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".

Record Number: 49099
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User: 

Computer Name: PC-Name
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 49098
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User: 

Computer Name: PC-Name
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.

Record Number: 49097
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PC-Name
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 49096
Source Name: Service Control Manager
Time Written: 20100412072350.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PC-Name
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 49095
Source Name: Service Control Manager
Time Written: 20100412072345.000000+120
Event Type: Informationen
User: 

=====Application event log=====

Computer Name:PC-Name
Event Code: 0
Message: 
Record Number: 26256
Source Name: iPod Service
Time Written: 20091016180812.000000+120
Event Type: Informationen
User: 

Computer Name: PC-Name
Event Code: 35
Message: Der Dienst 'Norton AntiVirus' wurde gestartet.

Record Number: 26255
Source Name: Norton AntiVirus
Time Written: 20091016180811.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PC-Name
Event Code: 34
Message: Der Dienst 'Norton AntiVirus' startet.

Record Number: 26254
Source Name: Norton AntiVirus
Time Written: 20091016180810.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PC-Name
Event Code: 0
Message: 
Record Number: 26253
Source Name: btwdins
Time Written: 20091016180807.000000+120
Event Type: Informationen
User: 

Computer Name:PC-Name
Event Code: 1
Message: 
Record Number: 26252
Source Name: Bonjour Service
Time Written: 20091016180806.000000+120
Event Type: Informationen
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programme\Intel\DMIX;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TEXTURE_TOOLS_DIR"=C:\Programme\NVIDIA Corporation\NVIDIA Texture Tools 2\bin
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
         
During all the "scanning" I disconnected my PC from the network once, just to be safe.
Unfortunately none of that helped, because the warnings/messages mentioned above still appear :-(

Then I went online and there were no more error messages. Restarted the computer and bang..... the same problem again.
I've already found quite a few posts via Google and the forum search, but on my own I can't get any further now.

Thanks in advance for your help
__________________


Alt 13.05.2010, 20:04   #3
SonRevan
 
TDDS reinstalls itself after uninstallation and reboot - Standard

TDDS reinstalls itself after uninstallation and reboot



Hello everyone,

today I plucked up all my courage and tried ComboFix.
And what can I say?
It worked! The Tdds is gone.
Afterwards I quickly ran Malwarebytes' Anti-Malware => nothing found.
My Norton isn't complaining either.

Is there a (more or less) reliable way to tell that it's now completely gone?
__________________

Alt 13.05.2010, 20:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TDDS reinstalls itself after uninstallation and reboot - Standard

TDDS reinstalls itself after uninstallation and reboot



Quote:
Is there a (more or less) reliable way to tell that it's now completely gone?
The most reliable method, and the one accepted everywhere: format c: and reinstall the operating system from the original media.

But please post the Combofix logfile.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 13.05.2010, 22:58   #5
SonRevan
 
TDDS reinstalls itself after uninstallation and reboot - Standard

TDDS reinstalls itself after uninstallation and reboot



Quote:
Quote from cosinus
The most reliable method, and the one accepted everywhere: format c: and reinstall the operating system from the original media.
Yes, I agree with you. Unfortunately that's a bit inconvenient at the moment, but it will happen soon.
Here's the Combofix log, and thanks in advance for looking through it ;-)

Code:
ATTFilter
ComboFix 10-05-12.04 - Markus 13.05.2010  15:54:19.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2030.1612 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Markus\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\eSellerateEngine.dll
c:\windows\system32\st322000.dll

Infizierte Kopie von c:\windows\system32\drivers\cdrom.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-13 bis 2010-05-13  ))))))))))))))))))))))))))))))
.

2010-05-13 13:44 . 2010-05-13 13:48	--------	d-----w-	C:\Combo-Fix
2010-05-07 16:41 . 2010-05-07 16:41	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Eigene Dateien
2010-05-07 16:41 . 2010-05-07 16:41	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-05-07 13:49 . 2009-03-12 10:53	1550613	----a-w-	c:\windows\system32\drivers\sthda.sys
2010-05-07 13:47 . 2008-04-13 18:53	264832	-c--a-w-	c:\windows\system32\dllcache\http.sys
2010-05-07 13:47 . 2008-04-13 18:53	264832	----a-w-	c:\windows\system32\drivers\http.sys
2010-05-07 13:47 . 2008-01-17 14:45	13184	----a-w-	c:\windows\system32\drivers\mtictwl.sys
2010-05-06 19:44 . 2010-05-07 16:25	--------	d-----w-	c:\programme\trend micro
2010-05-06 19:44 . 2010-05-06 19:44	--------	d-----w-	C:\rsit
2010-05-06 18:40 . 2010-05-07 13:48	96512	----a-w-	c:\windows\system32\drivers\atapi.sys
2010-05-06 18:40 . 2010-05-05 21:58	96512	-c--a-w-	c:\windows\system32\dllcache\atapi.sys
2010-05-06 15:28 . 2008-04-13 18:57	14336	-c--a-w-	c:\windows\system32\dllcache\asyncmac.sys
2010-05-06 15:28 . 2008-04-13 18:57	14336	----a-w-	c:\windows\system32\drivers\asyncmac.sys
2010-05-06 15:28 . 2008-04-14 02:02	73472	-c--a-w-	c:\windows\system32\dllcache\sr.sys
2010-05-06 15:28 . 2008-04-14 02:02	73472	----a-w-	c:\windows\system32\drivers\sr.sys
2010-05-05 22:17 . 2010-05-05 22:17	--------	d-----w-	c:\dokumente und einstellungen\Markus\Anwendungsdaten\Malwarebytes
2010-05-05 22:17 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 22:17 . 2010-05-05 22:17	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-05-05 22:17 . 2010-05-05 22:17	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-05 22:17 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-05 22:09 . 2010-05-05 22:09	--------	d-----w-	c:\dokumente und einstellungen\Markus\Anwendungsdaten\Uniblue
2010-05-05 22:09 . 2010-05-05 22:09	--------	d-----w-	c:\programme\Uniblue
2010-05-05 18:55 . 2010-05-05 18:55	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-05-05 18:39 . 2010-05-05 18:39	2	--shatr-	c:\windows\winstart.bat
2010-05-05 18:16 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-05-05 18:16 . 2009-10-23 15:28	3558912	-c----w-	c:\windows\system32\dllcache\moviemk.exe
2010-05-05 18:15 . 2009-10-15 16:28	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
2010-05-05 18:15 . 2009-10-15 16:28	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll
2010-05-05 18:15 . 2009-11-21 15:54	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-05-05 15:38 . 2009-08-06 17:23	274288	----a-w-	c:\windows\system32\mucltui.dll
2010-05-05 15:15 . 2010-05-05 15:15	--------	d-s---w-	c:\dokumente und einstellungen\NetworkService\UserData
2010-04-26 18:02 . 2009-09-12 20:34	66928	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_zh-TW.dll
2010-04-26 18:02 . 2009-09-12 20:33	66928	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_zh-CN.dll
2010-04-26 18:02 . 2009-09-12 20:33	75120	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_ru.dll
2010-04-26 18:02 . 2010-04-26 18:02	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix
2010-04-26 18:02 . 2009-09-12 21:11	75120	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_en.dll
2010-04-26 18:02 . 2009-09-12 21:09	1049952	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpress.exe
2010-04-26 18:02 . 2009-09-12 20:35	71024	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_ko.dll
2010-04-26 18:02 . 2009-09-12 20:32	71024	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_ja.dll
2010-04-26 18:02 . 2009-09-12 20:31	75120	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_fr.dll
2010-04-26 18:02 . 2009-09-12 20:30	75120	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_es.dll
2010-04-26 18:02 . 2009-09-12 20:29	75120	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Citrix\Citrix Online Plug-in - Web\TrolleyExpressUI_de.dll
2010-04-26 18:02 . 2010-04-26 18:02	--------	d-----w-	c:\dokumente und einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Citrix

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 13:33 . 2008-03-23 13:39	--------	d-----w-	c:\dokumente und einstellungen\Markus\Anwendungsdaten\Skype
2010-05-13 12:14 . 2008-03-23 13:41	--------	d-----w-	c:\dokumente und einstellungen\Markus\Anwendungsdaten\skypePM
2010-05-10 21:11 . 2010-01-24 01:00	535488	----a-w-	c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-05-07 15:24 . 2009-12-30 13:30	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-07 13:51 . 2006-02-28 12:00	81126	----a-w-	c:\windows\system32\perfc007.dat
2010-05-07 13:51 . 2006-02-28 12:00	452300	----a-w-	c:\windows\system32\perfh007.dat
2010-05-07 11:53 . 2009-05-05 20:01	--------	d-----w-	c:\programme\CCleaner
2010-05-06 19:00 . 2009-05-05 19:43	41	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Windows NT\msqlite.dll
2010-05-06 15:23 . 2009-12-30 13:30	--------	d-----w-	c:\programme\Spybot - Search & Destroy
2010-05-05 18:55 . 2009-02-07 15:25	--------	d-----w-	c:\programme\NVIDIA Corporation
2010-05-05 18:47 . 2009-05-05 19:43	--------	d-----w-	c:\programme\XP-Clean Speed
2010-05-05 18:39 . 2009-12-30 16:35	228	----a-w-	c:\windows\system32\edacded0.dat
2010-04-26 18:02 . 2008-03-31 23:29	--------	d-----w-	c:\dokumente und einstellungen\Markus\Anwendungsdaten\ICAClient
2010-04-26 18:02 . 2008-03-31 23:28	--------	d-----w-	c:\programme\Citrix
2010-04-26 17:47 . 2008-03-23 13:38	--------	d-----r-	c:\programme\Skype
2010-04-05 19:49 . 2009-04-17 19:05	--------	d-----w-	c:\dokumente und einstellungen\Markus\Anwendungsdaten\XnView
2010-04-03 17:23 . 2010-04-03 17:23	278120	----a-w-	c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23	154216	----a-w-	c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23	13670504	----a-w-	c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23	110696	----a-w-	c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22	81920	----a-w-	c:\windows\system32\nvwddi.dll
2010-03-29 18:28 . 2010-03-29 18:28	--------	d-----w-	c:\programme\Gemeinsame Dateien\Skype
2010-03-09 11:09 . 2006-02-28 12:00	430080	----a-w-	c:\windows\system32\vbscript.dll
2010-02-26 05:41 . 2006-02-28 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2010-02-26 05:41 . 2006-02-28 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2010-05-07 13:50	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:04 . 2006-02-28 12:00	2148864	------w-	c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2004-08-04 00:50	2027008	------w-	c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="d:\sony ericsson pc suite\SEPCSuite.exe" [2009-09-24 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Share-to-Web Namespace Daemon"="c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Easy Synchronization"="c:\programme\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-07-13 292128]
"SysTrayApp"="c:\programme\IDT\WDM\sttray.exe" [2009-03-12 483422]
"ConnectionCenter"="c:\programme\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2004-10-28 565309]
GammaTray.lnk - c:\programme\MagicTune Premium\GammaTray.exe [2008-12-29 36864]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\programme\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42	72208	----a-w-	c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\DNA\\btdna.exe"=
"d:\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Curse\\CurseClient.exe"=
"e:\\Celetania\\Celetania.exe"=
"d:\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\appleJuice\\gui\\AJCoreGUI.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [07.05.2010 15:50 65584]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [07.05.2010 15:50 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [07.05.2010 15:49 201848]
R2 Norton AntiVirus;Norton AntiVirus;c:\programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [04.02.2010 22:03 117640]
R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [07.05.2010 15:49 180480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28.08.2009 01:26 102448]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [07.05.2010 15:49 27632]
R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [09.04.2009 12:31 1670016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1008000.029\BHDrvx86.sys --> c:\windows\system32\Drivers\NAV\1008000.029\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1008000.029\ccHPx86.sys --> c:\windows\system32\Drivers\NAV\1008000.029\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [08.05.2010 09:48 329592]
S2 OMSI download service;Sony Ericsson OMSI download service;d:\sony ericsson pc suite\SupServ.exe [28.11.2009 09:23 90112]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [23.05.2009 09:11 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [23.05.2009 09:11 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [23.05.2009 09:11 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [23.05.2009 09:11 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [23.05.2009 09:11 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [23.05.2009 09:11 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [23.05.2009 09:11 117544]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Additional scan -------
.
uStart Page = hxxp://www.heise.de/
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - d:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Save Flash with Flash Catcher - c:\programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {9ECF2FB7-7C81-4A11-BAE4-FAF9D9E207EA} = 212.114.152.1,212.114.153.1
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\dokumente und einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\b91ug6q7.default\
FF - prefs.js: browser.search.selectedEngine - World of Warcraft-Arsenal
FF - prefs.js: browser.startup.homepage - hxxp://www.heise.de
FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\mozilla firefox\plugins\npicaN.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programme\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\videolan\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX policies ----
d:\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Removed orphaned registry entries - - - -

HKLM-Run-nwiz - nwiz.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-13 15:59
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes... 

Scanning hidden autostart entries... 

Scanning hidden files... 

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\programme\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\programme\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-05-13  16:00:37
ComboFix-quarantined-files.txt  2010-05-13 14:00
ComboFix2.txt  2009-12-30 18:53

Before scan: 10 directory(ies), 32.664.125.440 bytes free
After scan: 13 directory(ies), 32.670.773.248 bytes free

- - End Of File - - 8C84AB5F4A6D536E4B6406B0C92F052B
         


14.05.2010, 10:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That looks good. Do you also notice an improvement in the system now? CF detected a manipulated system file there and copied an original back.

Please make log files with GMER and OSAM as a check.
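cosinus asks for GMER and OSAM logs as a check. What a helper then does with a GMER log is mostly two things: separate the SSDT hooks that GMER attributes to a named module (on this machine Symantec's SYMEVENT.SYS) from hooks that point at a bare kernel address no module claims, and read the "Registry" section for service keys that exist only in a non-active ControlSet, which is where a TDSS/TDL3 driver entry (the ControlSet003\Services\H8SRTd.sys key in the GMER log SonRevan posts in reply #7) can outlive a clean-up of CurrentControlSet. The script below is an added example for this thread, not code from GMER, ComboFix or either poster. Its sample log is constructed to follow the GMER 1.0.15 text layout, and the prefix-matching heuristic in tdss_style_services is an assumption taken from the naming pattern visible in this thread (service H8SRTd.sys, driver H8SRTmylyarmyqv.sys), not a signature.

```python
"""Triage helper for GMER 1.0.15 text logs (added example, not from the thread).

Reads the two sections a helper looks at first: "SSDT" lines (hook attributed
to a module, or a bare address) and "Reg" lines (service keys GMER found by
reading the hive directly, grouped by control set).
"""
import re
from collections import defaultdict

# Constructed sample, laid out like GMER 1.0.15 output. The H8SRTd.sys lines
# follow the entries posted in this thread; everything else is illustrative.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            88AB19C8                                                          ZwAlertResumeThread
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwCreateKey [0xB41B7210]
SSDT            8A04C898                                                          ZwLoadDriver

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start                       1
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type                        1
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath                   \systemroot\system32\drivers\H8SRTmylyarmyqv.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group                       file system
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd

---- EOF - GMER 1.0.15 ----
"""

HEX_ADDR = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)
SERVICE_KEY = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\Services\\(?P<svc>[^\\@]+)",
    re.IGNORECASE,
)
INACTIVE_TAG = "(not active ControlSet)"


def parse_ssdt_hooks(log):
    """Map hooked syscall -> module path, or 'addr:XXXXXXXX' when GMER printed
    only an address (no loaded module owns that code)."""
    hooks = {}
    for line in log.splitlines():
        if not line.startswith("SSDT"):
            continue
        parts = line.split()
        # When GMER knows the module it appends the hook address in brackets.
        syscall = parts[-2] if parts[-1].startswith("[") else parts[-1]
        target = parts[1]
        hooks[syscall] = f"addr:{target.upper()}" if HEX_ADDR.match(target) else target
    return hooks


def unattributed_hooks(log):
    """Syscalls whose SSDT entry is a bare address: the hooks to cross-check
    against the loaded driver list, not a verdict by themselves."""
    return sorted(s for s, t in parse_ssdt_hooks(log).items() if t.startswith("addr:"))


def parse_registry_services(log):
    """Group 'Reg' lines by (control set, service). Each entry records the value
    names GMER printed and whether GMER tagged the control set as not active."""
    services = defaultdict(lambda: {"values": {}, "inactive": False})
    for line in log.splitlines():
        if not line.startswith("Reg"):
            continue
        parts = line.split(None, 2)                  # 'Reg', key path, value
        key_path = parts[1]
        value = parts[2].strip() if len(parts) > 2 else ""
        m = SERVICE_KEY.match(key_path)
        if not m:
            continue                                  # e.g. CLSID keys, not a service
        entry = services[(m.group("cs"), m.group("svc"))]
        if INACTIVE_TAG in line:
            entry["inactive"] = True
            value = value.replace(INACTIVE_TAG, "").strip()
        if "@" in key_path:                           # key@valuename
            entry["values"][key_path.rsplit("@", 1)[1].lower()] = value
    return dict(services)


def tdss_style_services(log, prefix_len=4):
    """Services outside CurrentControlSet whose driver file name starts with the
    same characters as the service name. Assumption for this example: that
    shared prefix (H8SRTd.sys -> H8SRTmylyarmyqv.sys in this thread) is the
    pattern to flag; it is a heuristic, not a signature."""
    findings = []
    for (cs, svc), entry in parse_registry_services(log).items():
        if cs.lower() == "currentcontrolset":
            continue
        image = entry["values"].get("imagepath", "")
        driver = image.rsplit("\\", 1)[-1].lower()
        prefix = svc[:prefix_len].lower()
        if driver and driver.startswith(prefix):
            findings.append({"control_set": cs, "service": svc, "image": image,
                             "inactive": entry["inactive"]})
    return findings


if __name__ == "__main__":
    print("unattributed SSDT hooks:", unattributed_hooks(SAMPLE_GMER_LOG))
    for f in tdss_style_services(SAMPLE_GMER_LOG):
        print("stale service entry:", f)
```

A service key under ControlSet003 does not load on a normal boot, but a non-active control set is what "Last Known Good Configuration" can switch the machine back to, so such an entry is something to delete, not ignore. The BTHPORT\Parameters\Keys entries GMER lists alongside are Bluetooth link keys that Windows hides from the API by design, which is why the script reports service keys only rather than every hidden key. A bare-address SSDT hook is likewise not a finding on its own; on a box with Symantec drivers attached to Tcpip it is the list to reconcile against the services ComboFix printed above.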

14.05.2010, 17:31   #7
SonRevan

Well, subjectively I notice Firefox opening faster and a faster switch from full-screen mode back to the desktop.
Though that is probably also due to the missing "nagging" from Norton ;-)

Here are my two log files:
GMER:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-14 17:19:00
Windows 5.1.2600 Service Pack 3
Running: nepslpt5.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kfwiypoc.sys


---- System - GMER 1.0.15 ----

SSDT            88AB19C8                                                                                                            ZwAlertResumeThread
SSDT            8A10B7F8                                                                                                            ZwAlertThread
SSDT            88A334C0                                                                                                            ZwAllocateVirtualMemory
SSDT            88B0ECA0                                                                                                            ZwAssignProcessToJobObject
SSDT            8A3A84A0                                                                                                            ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwCreateKey [0xB41B7210]
SSDT            88A26AC0                                                                                                            ZwCreateMutant
SSDT            88A20070                                                                                                            ZwCreateSymbolicLinkObject
SSDT            88A345B0                                                                                                            ZwCreateThread
SSDT            88AAF5E0                                                                                                            ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwDeleteKey [0xB41B7490]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwDeleteValueKey [0xB41B79F0]
SSDT            8A45A818                                                                                                            ZwDuplicateObject
SSDT            88A32BB0                                                                                                            ZwFreeVirtualMemory
SSDT            88B0F1F0                                                                                                            ZwImpersonateAnonymousToken
SSDT            88B0FBF8                                                                                                            ZwImpersonateThread
SSDT            8A04C898                                                                                                            ZwLoadDriver
SSDT            88A32A10                                                                                                            ZwMapViewOfSection
SSDT            88B0F5F0                                                                                                            ZwOpenEvent
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwOpenKey [0xB41B77A0]
SSDT            8A46C118                                                                                                            ZwOpenProcess
SSDT            88AAD050                                                                                                            ZwOpenProcessToken
SSDT            89772720                                                                                                            ZwOpenSection
SSDT            8A465200                                                                                                            ZwOpenThread
SSDT            88A20B80                                                                                                            ZwProtectVirtualMemory
SSDT            8976C050                                                                                                            ZwResumeThread
SSDT            88AAC050                                                                                                            ZwSetContextThread
SSDT            88A32738                                                                                                            ZwSetInformationProcess
SSDT            88AAFA48                                                                                                            ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwSetValueKey [0xB41B7C40]
SSDT            89772CA0                                                                                                            ZwSuspendProcess
SSDT            88AAA050                                                                                                            ZwSuspendThread
SSDT            88B0D050                                                                                                            ZwTerminateProcess
SSDT            88B07050                                                                                                            ZwTerminateThread
SSDT            8976F050                                                                                                            ZwUnmapViewOfSection
SSDT            88A32F80                                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

?               SYMDS.SYS                                                                                                           The system cannot find the file specified. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB6A17380, 0x566445, 0xE8000020]
.reloc          C:\WINDOWS\system32\drivers\acehlp10.sys                                                                            section is executable [0xB6950700, 0x2919C, 0xE0000060]
init            C:\WINDOWS\system32\drivers\skfilt.sys                                                                              entry point in "init" section [0xB3F83430]
.reloc          C:\WINDOWS\system32\drivers\acedrv10.sys                                                                            section is executable [0xB3438000, 0x4549F, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\BTHUSB \Device\000000ab                                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\000000ad                                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf                            0xB1 0x6F 0xDF 0xB8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07                            0x0E 0xBB 0xEC 0x0A ...
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start                                                                 1
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type                                                                  1
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath                                                             \systemroot\system32\drivers\H8SRTmylyarmyqv.sys
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group                                                                 file system
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd                                                        
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc                                                        
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr                                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf                                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr                                                      
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf                                0xB1 0x6F 0xDF 0xB8 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07                                0x0E 0xBB 0xEC 0x0A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x7A 0x45 0x05 0xFD ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
         
and OSAM:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:46:06 on 14.05.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation" - C:\WINDOWS\system32\btcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acehlp10.sys
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys
"Bluetooth Protocol Stack" (BTKRNL) - "Broadcom Corporation" - C:\WINDOWS\System32\drivers\btkrnl.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation" - C:\WINDOWS\System32\drivers\btaudio.sys
"btwhid" (btwhid) - "Broadcom Corporation" - C:\WINDOWS\System32\DRIVERS\btwhid.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ELTIMA Virtual Serial Ports Driver" (vserial) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vserial.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100505.001\IDSxpx86.sys
"InCD Reader" (InCDRm) - ? - C:\WINDOWS\System32\drivers\InCDRm.sys  (File not found)
"InCDPass" (InCDPass) - ? - C:\WINDOWS\System32\drivers\InCDPass.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MagicTune" (MagicTune) - "Samsung Electronics, Inc. " - C:\WINDOWS\System32\drivers\MTiCtwl.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100513.041\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100513.041\NAVEX15.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINDOWS\system32\drivers\pclepci.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NAV\1106000.020\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NAV\1106000.020\SYMEFA.SYS
"Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMTDI.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"Virtual Serial Bus Enumerator" (vsbus) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vsb.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation" - C:\WINDOWS\System32\DRIVERS\btport.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation" - C:\WINDOWS\System32\Drivers\btwusb.sys
"WpdUsb" (WpdUsb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wpdusb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "linkscanner" - ? -   (File not found | COM-object registry key not found)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} "WidImg Class" - "Broadcom Corporation" - C:\WINDOWS\system32\btxppanel.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{FE24CD78-7C63-465D-8787-4EDF7FC79895} "ShellExecuteHook class" - ? - C:\Programme\Logitech\Easy Synchronization\shellexecutehook.dll  (File found, but it contains no detailed information)
{F552DDE6-2090-4bf4-B924-6141E87789A5} "ShellObj Class" - "Greatis Software, LLC" - C:\PROGRA~1\Greatis\REGRUN~1\RRShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation" - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\MICROS~1\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\SMC\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - D:\MICROS~1\OFFICE11\OLKFSTUB.DLL
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\WinRAR\rarext.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15107/CTPID.cab
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E5ABEB00-B357-4884-9949-77B2C71A7EE3} "{E5ABEB00-B357-4884-9949-77B2C71A7EE3}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"Flash Catcher" - ? - res://C:\Programme\Gemeinsame Dateien\justDo\IECatcher.DLL/FlashCatcher.htm  (File not found)
"ICQ6" - "ICQ, Inc." - D:\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} "SnapFlash Class" - "justDo Software" - C:\Programme\Gemeinsame Dateien\justDo\Jd2002.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Programme\Norton AntiVirus\Engine\17.6.0.32\IPSBHO.DLL
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"GammaTray.lnk" - ? - C:\Programme\MagicTune Premium\GammaTray.exe  (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation" - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"CurseClientStartup.ccip" - ? - C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\CurseClientStartup.ccip
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "d:\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Bluetooth Connection Assistant" - ? - LBTWIZ.EXE -silent  (File not found)
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Programme\Citrix\ICA Client\concentr.exe" /startup
"Easy Synchronization" - ? - C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe  (File found, but it contains no detailed information)
"iTunesHelper" - "Apple Inc." - "D:\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Share-to-Web Namespace Daemon" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Easy Synchronization" - ? - C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation" - C:\WINDOWS\system32\bthcrp.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation" - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"Logitech Easy Synchronization" (Logitech Easy Synchronization) - ? - C:\Programme\Logitech\Easy Synchronization\servicestub.exe  (File found, but it contains no detailed information)
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MagicTuneEngine" (MagicTuneEngine) - ? - C:\Programme\MagicTune Premium\MagicTuneEngine.exe  (File found, but it contains no detailed information)
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
"Norton AntiVirus" (NAV) - "Symantec Corporation" - C:\Programme\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Sony Ericsson OMSI download service" (OMSI download service) - ? - d:\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Alt 14.05.2010, 17:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks ok. For further checking, please also run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
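What "looks ok" means for a listing like the OSAM output above can be made mechanical. The following Python is an added example by the editor, not part of this thread and not OSAM's own code: it parses OSAM-style driver and service entries (the sample lines are copied from the log posted above), and flags the three things a reviewer looks for first: an entry whose binary is missing (a leftover registration, such as the Changer or catchme entries), an entry whose binary is present but carries no vendor information, and a driver registered from a temporary directory. The classification rules and the flag names are the editor's choices, not OSAM's.

```python
import re
from typing import Dict, List, Optional

# One OSAM-style entry:  "<display name>" (<service name>) - "<vendor>" | ? - <path>  (<note>)
# Rows in other OSAM sections (CLSID-keyed shell extensions etc.) use a different
# layout and are deliberately skipped by this parser.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s+\((?P<service>[^)]*)\)\s+-\s+'
    r'(?P<vendor>"[^"]*"|\?)\s+-\s+'
    r'(?P<path>.*?)(?:\s{2,}\((?P<note>[^)]*)\))?\s*$'
)

# Constructed sample: lines copied from the OSAM log posted in this thread,
# with its section banners left in so the parser is exercised on realistic input.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\System32\drivers\aspi32.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"MagicTune" (MagicTune) - "Samsung Electronics, Inc. " - C:\WINDOWS\System32\drivers\MTiCtwl.sys
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
[Services]
"MagicTuneEngine" (MagicTuneEngine) - ? - C:\Programme\MagicTune Premium\MagicTuneEngine.exe  (File found, but it contains no detailed information)
"""

Entry = Dict[str, Optional[str]]


def parse_entries(log_text: str) -> List[Entry]:
    """Turn OSAM driver/service lines into dicts; banners and foreign rows are skipped."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("[") or line.startswith("-----("):
            continue  # section name or registry-path banner, carries no entry
        m = ENTRY_RE.match(line)
        if not m:
            continue  # a row in another OSAM layout; out of scope here
        vendor = m.group("vendor")
        entries.append({
            "name": m.group("name"),
            "service": m.group("service"),
            # OSAM prints "?" when the binary has no vendor/version information
            "vendor": None if vendor == "?" else vendor.strip('"').strip(),
            "path": m.group("path"),
            "note": m.group("note"),
        })
    return entries


def flag_entry(entry: Entry) -> List[str]:
    """Triage flags for one entry (editor's heuristics, not OSAM's own verdicts)."""
    flags: List[str] = []
    note = (entry["note"] or "").lower()
    path = (entry["path"] or "").lower()
    if "\\temp\\" in path:
        flags.append("temp-location")  # a driver registered from a temp directory
    if "file not found" in note:
        flags.append("orphan")         # registration left behind, binary is gone
    elif entry["vendor"] is None:
        flags.append("unverified")     # binary present, no vendor information
    return flags


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> flags for every parsed entry (empty list means nothing to see)."""
    return {e["service"]: flag_entry(e) for e in parse_entries(log_text)}


if __name__ == "__main__":
    for service, flags in triage(SAMPLE_LOG).items():
        if flags:
            print(f"{service}: {', '.join(flags)}")
```

The flags are a triage queue, not verdicts: unverified entries get their file signature and hash checked next (in this log they are MagicTune, Logitech and WinRAR components that merely lack version resources), orphan entries are cleanup candidates once their name has been matched against the tools the user ran during the cleanup, and a temp-directory driver is looked at regardless of the other two.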

Alt 15.05.2010, 14:06   #9
SonRevan
 

Alright, ran both programs, here is the log
mbam:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15.05.2010 11:51:28
mbam-log-2010-05-15 (11-51-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 259210
Laufzeit: 1 Stunde(n), 13 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
and
SUPERAntiSpyware
After it finished scanning, I clicked "Next"; the computer then restarted.
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/15/2010 at 01:41 PM

Application Version : 4.37.1000

Core Rules Database Version : 4939
Trace Rules Database Version: 2751

Scan type       : Complete Scan
Total Scan Time : 01:05:13

Memory items scanned      : 718
Memory threats detected   : 0
Registry items scanned    : 6679
Registry threats detected : 2
File items scanned        : 133601
File threats detected     : 11

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@rotator.adjuggler[1].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@ad.zanox[2].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@ad.adc-serv[2].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@interclick[1].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@zanox[2].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@adserver.adtechus[1].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@ad.yieldmanager[2].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@webmasterplan[2].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@im.banner.t-online[1].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@adfarm1.adition[1].txt
	C:\Dokumente und Einstellungen\Markus\Cookies\markus@adsrv.admediate[1].txt

Trojan.Agent/Gen-Alureon
	HKU\S-1-5-19\Software\h8srt
	HKU\S-1-5-20\Software\h8srt
         
thanks and regards

Alt 16.05.2010, 19:33   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks ok in itself, but a few inactive remnants of the rootkit are still there. Please run Avenger:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (Download, on the left)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista, right-click => Run as administrator). Tick the boxes at the bottom as shown:



3.) Copy exactly the lines from the following code box:
Code:
files to delete:
c:\system32\drivers\H8SRTmylyarmyqv.sys

registry keys to delete:
HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys

drivers to delete:
H8SRTd.sys
H8SRTd
         
4.) In "The Avenger", now go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" question (system restart).

7.) After the restart, an Avenger log file will be displayed. Copy its contents and post them here.

8.) Upload the file c:\avenger\backup.zip to File-Upload.net and link it here
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 17.05.2010, 10:56   #11
SonRevan
 

hello!
Here, for one, is the log file that was created.
Looks like it didn't work, right?

Should the following line in your script, instead of
Code:
c:\system32\drivers\H8SRTmylyarmyqv.sys
         
read like this?
Code:
c:\WINDOWS\system32\drivers\H8SRTmylyarmyqv.sys
         
I searched the system once (including hidden items) but found nothing.

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  could not open file "c:\system32\drivers\H8SRTmylyarmyqv.sys"
Deletion of file "c:\system32\drivers\H8SRTmylyarmyqv.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Registry key "HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys" deleted successfully.

Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd.sys" not found!
Deletion of driver "H8SRTd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd" not found!
Deletion of driver "H8SRTd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
         
and here is the backup file:
hxxp://www.file-upload.net/download-2523202/backup.zip.html

thanks and regards

Alt 17.05.2010, 14:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Oops, yes, WINDOWS was missing from the path
But apparently the file was already gone anyway.
Please make a fresh GMER log to check.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
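The script-and-log exchange above (the Avenger steps in the earlier reply, the failed run, and the confirmation that WINDOWS was missing from the path) is the kind of mistake a quick lint catches before the reboot. The following Python is an added example by the editor, not part of the thread and not Avenger's own code: it splits an Avenger-style script into its sections, checks that every file path is an absolute drive-letter path whose parent directory exists (against a constructed directory inventory here; on the affected machine os.path.isdir would take its place), and summarises an Avenger log into per-action results with the NT status name. The message formats are taken from the log posted in the thread; the "File ..."/"Driver ... deleted successfully." success forms are assumed by analogy with the registry-key line and are not on the page.

```python
import ntpath
import re
from typing import Dict, List, Optional, Set, Tuple

# Section headers of an Avenger-style script, as used in the thread.
SECTION_RE = re.compile(r"^(files|registry keys|drivers) to delete:$", re.IGNORECASE)
# Result lines: the registry-key success line, the failure line and the Status line
# are copied from the posted log; "File"/"Driver" success forms are assumed.
OK_RE = re.compile(r'^(?P<kind>Registry key|File|Driver) "(?P<target>[^"]+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (?P<kind>file|registry key|driver) "(?P<target>[^"]+)" failed!$')
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>[A-Z0-9_]+)\)$")

# The script as originally posted (file path still lacking the WINDOWS component).
SCRIPT = r"""
files to delete:
c:\system32\drivers\H8SRTmylyarmyqv.sys

registry keys to delete:
HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys

drivers to delete:
H8SRTd.sys
H8SRTd
"""

# Constructed directory inventory standing in for the live filesystem.
KNOWN_DIRS: Set[str] = {r"C:\WINDOWS", r"C:\WINDOWS\system32", r"C:\WINDOWS\system32\drivers"}

# Excerpt constructed from the Avenger log posted in the thread.
LOG = r"""
Error:  could not open file "c:\system32\drivers\H8SRTmylyarmyqv.sys"
Deletion of file "c:\system32\drivers\H8SRTmylyarmyqv.sys" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Registry key "HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys" deleted successfully.

Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\H8SRTd.sys" not found!
Deletion of driver "H8SRTd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
"""


def parse_script(script: str) -> Dict[str, List[str]]:
    """Split the script into {'files': [...], 'registry keys': [...], 'drivers': [...]}."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def check_file_paths(paths: List[str], known_dirs: Set[str]) -> List[Tuple[str, str]]:
    """Return (path, problem) pairs; an empty list means every path is usable."""
    known = {d.lower().rstrip("\\") for d in known_dirs}
    problems: List[Tuple[str, str]] = []
    for p in paths:
        if not ntpath.splitdrive(p)[0] or not ntpath.isabs(p):
            problems.append((p, "not an absolute drive-letter path"))
            continue
        parent = ntpath.dirname(p).lower().rstrip("\\")
        if parent not in known:  # this is exactly what produced STATUS_OBJECT_PATH_NOT_FOUND
            problems.append((p, f"parent directory {parent!r} does not exist"))
    return problems


def summarize_log(log: str) -> List[Dict[str, object]]:
    """One record per action: kind, target, ok, and the NT status name on failure."""
    results: List[Dict[str, object]] = []
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines):
        m = OK_RE.match(line)
        if m:
            results.append({"kind": m.group("kind").lower(), "target": m.group("target"),
                            "ok": True, "status": None})
            continue
        m = FAIL_RE.match(line)
        if m:
            status = None
            for follow in lines[i + 1:i + 4]:  # Status line follows within a few lines
                s = STATUS_RE.match(follow)
                if s:
                    status = s.group("name")
                    break
            results.append({"kind": m.group("kind"), "target": m.group("target"),
                            "ok": False, "status": status})
    return results


if __name__ == "__main__":
    for path, problem in check_file_paths(parse_script(SCRIPT).get("files", []), KNOWN_DIRS):
        print(f"lint: {path}: {problem}")
    for r in summarize_log(LOG):
        print(f"{r['kind']} {r['target']}: {'ok' if r['ok'] else r['status']}")
```

The two status names answer different questions: STATUS_OBJECT_PATH_NOT_FOUND says a directory in the script's path does not exist, so it says nothing about whether the file itself was still there; STATUS_OBJECT_NAME_NOT_FOUND says the named object is absent, which is the result to expect from a rerun with the corrected path once the file is really gone.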

Alt 18.05.2010, 20:30   #13
SonRevan
 

Hello Cosinus!
I tried Avenger again with the correct path, but again it didn't find it *yay*

Unfortunately I only got around to producing the new GMER log today, and here it is:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-18 20:17:49
Windows 5.1.2600 Service Pack 3
Running: 40e9rbcd.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kfwiypoc.sys


---- System - GMER 1.0.15 ----

SSDT            8A0843B0                                                                                                            ZwAlertResumeThread
SSDT            8A1F2258                                                                                                            ZwAlertThread
SSDT            896E3F40                                                                                                            ZwAllocateVirtualMemory
SSDT            8A003378                                                                                                            ZwAssignProcessToJobObject
SSDT            8A234EA8                                                                                                            ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwCreateKey [0xB4160210]
SSDT            897F86E0                                                                                                            ZwCreateMutant
SSDT            8A0CDD58                                                                                                            ZwCreateSymbolicLinkObject
SSDT            8A5C4008                                                                                                            ZwCreateThread
SSDT            8A0495B0                                                                                                            ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwDeleteKey [0xB4160490]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwDeleteValueKey [0xB41609F0]
SSDT            896E4410                                                                                                            ZwDuplicateObject
SSDT            89781BB8                                                                                                            ZwFreeVirtualMemory
SSDT            89FEFAD0                                                                                                            ZwImpersonateAnonymousToken
SSDT            8A04EAD0                                                                                                            ZwImpersonateThread
SSDT            8A15DAF0                                                                                                            ZwLoadDriver
SSDT            89781A18                                                                                                            ZwMapViewOfSection
SSDT            8A168360                                                                                                            ZwOpenEvent
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwOpenKey [0xB41607A0]
SSDT            89720E38                                                                                                            ZwOpenProcess
SSDT            8A1CC1D8                                                                                                            ZwOpenProcessToken
SSDT            8A171058                                                                                                            ZwOpenSection
SSDT            89720CE8                                                                                                            ZwOpenThread
SSDT            897C6378                                                                                                            ZwProtectVirtualMemory
SSDT            8A1E6A30                                                                                                            ZwResumeThread
SSDT            89FFD200                                                                                                            ZwSetContextThread
SSDT            89781620                                                                                                            ZwSetInformationProcess
SSDT            8A1606B8                                                                                                            ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwSetValueKey [0xB4160C40]
SSDT            8A168A20                                                                                                            ZwSuspendProcess
SSDT            8A2194D8                                                                                                            ZwSuspendThread
SSDT            8A113878                                                                                                            ZwTerminateProcess
SSDT            8A234008                                                                                                            ZwTerminateThread
SSDT            89FF9228                                                                                                            ZwUnmapViewOfSection
SSDT            896E3930                                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2D3C                                                                                805045D8 4 Bytes  JMP 190A8A04 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2DD0                                                                                8050466C 4 Bytes  CALL A4D9B87D 
?               SYMDS.SYS                                                                                                           Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB69C0380, 0x566445, 0xE8000020]
.reloc          C:\WINDOWS\system32\drivers\acehlp10.sys                                                                            section is executable [0xB68F9700, 0x2919C, 0xE0000060]
init            C:\WINDOWS\system32\drivers\skfilt.sys                                                                              entry point in "init" section [0xB3F0A430]
.reloc          C:\WINDOWS\system32\drivers\acedrv10.sys                                                                            section is executable [0xB3207000, 0x4549F, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\BTHUSB \Device\000000b0                                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\BTHUSB \Device\000000ae                                                                                     bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf                            0xB1 0x6F 0xDF 0xB8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07                            0x0E 0xBB 0xEC 0x0A ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761887fbf                                0xB1 0x6F 0xDF 0xB8 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00076191be28@000761869e07                                0x0E 0xBB 0xEC 0x0A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x7A 0x45 0x05 0xFD ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
         
Thanks and regards
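What the helper does by eye when reading the "---- System ----" table of a GMER log is to ask, for each SSDT hook, which driver owns it. GMER prints the owning module with its file description and vendor when it can map the hook target to a loaded driver; where it cannot, it prints only a bare kernel address, and a helper then compares that against the security software installed on the machine rather than reading it as proof of a rootkit. The following script is an added example and is not code from this thread or from GMER: it parses lines in GMER's SSDT layout, attributes each hook to a module and vendor where the line carries one, and sorts the hooks into trusted / review / unattributed buckets. The sample lines are constructed to match the log above, `hypothetical.sys` is an invented module name used to exercise the "review" path, and the trusted-vendor list (`Symantec Corporation`, the vendor of the SYMEVENT.SYS hooks in this log) is an assumption the caller should set for the machine at hand.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the "---- System ----" section of the GMER log
# above. Column layout: "SSDT  <hook target>  <ZwFunction> [<hook address>]".
# hypothetical.sys is an invented module name used to show the "review" path.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            8A0843B0                                                                  ZwAlertResumeThread
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)    ZwCreateKey [0xB4160210]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)    ZwOpenKey [0xB41607A0]
SSDT            8A15DAF0                                                                  ZwLoadDriver
SSDT            \??\C:\WINDOWS\system32\drivers\hypothetical.sys                            ZwQueryDirectoryFile [0xB3000000]

---- EOF - GMER 1.0.15 ----
"""

# One SSDT line: the target column is separated from the Zw* function name by
# a run of at least two spaces; the bracketed hook address is optional.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<target>.+?)\s{2,}(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)
RAW_ADDR_RE = re.compile(r"[0-9A-Fa-f]{8}")          # target is a bare kernel address
MODULE_RE = re.compile(r"([^\\/\s]+\.sys)", re.I)     # file name of the hooking driver
VENDOR_RE = re.compile(r"\(([^)]*)\)")               # "(description/vendor)" suffix


@dataclass
class SsdtHook:
    func: str                 # hooked native API, e.g. ZwCreateKey
    target: str               # raw target column as printed by GMER
    module: Optional[str]     # driver file name, None if GMER printed only an address
    vendor: Optional[str]     # vendor from the parenthesised suffix, if present
    hook_addr: Optional[str]  # address in [..], if present


def parse_ssdt_hooks(log_text: str) -> List[SsdtHook]:
    """Extract the SSDT hook table from GMER text output."""
    hooks: List[SsdtHook] = []
    for line in log_text.splitlines():
        m = SSDT_RE.match(line)
        if not m:
            continue
        target = m.group("target").strip()
        module = vendor = None
        if not RAW_ADDR_RE.fullmatch(target):
            mod = MODULE_RE.search(target)
            module = mod.group(1) if mod else None
            ven = VENDOR_RE.search(target)
            # GMER prints "(File description/Company)"; keep the company part
            vendor = ven.group(1).split("/")[-1].strip() if ven else None
        hooks.append(SsdtHook(m.group("func"), target, module, vendor, m.group("addr")))
    return hooks


def triage(hooks: List[SsdtHook],
           trusted_vendors=frozenset({"Symantec Corporation"})) -> Dict[str, List[str]]:
    """Sort hooks into the buckets a helper forms when reading the table:
    trusted      - hooking driver carries a vendor string on the trusted list
    review       - attributed to a driver, but the vendor is absent or not trusted
    unattributed - GMER printed only a raw address (no owning module found)
    """
    report: Dict[str, List[str]] = {"trusted": [], "review": [], "unattributed": []}
    for h in hooks:
        if h.module is None:
            report["unattributed"].append(h.func)
        elif h.vendor in trusted_vendors:
            report["trusted"].append(h.func)
        else:
            report["review"].append(h.func)
    return report


if __name__ == "__main__":
    for bucket, funcs in triage(parse_ssdt_hooks(SAMPLE_GMER_LOG)).items():
        print(f"{bucket:13s} {', '.join(funcs) or '-'}")
```

The "unattributed" bucket is the one to resolve against the installed security product before drawing any conclusion; in this thread the helper judged the full log clean after that comparison. To run the script on a real log, read the file into `parse_ssdt_hooks` and pass the vendors actually installed on the machine as `trusted_vendors`.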

18.05.2010, 21:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, any more problems?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

18.05.2010, 22:59   #15
SonRevan

No, everything looks great again.

A very, very big thank-you from me for your help.

Regards
