Trojaner-Board (https://www.trojaner-board.de/)
Thread: Request for a file analysis: McAfee Rootkit Detective (https://www.trojaner-board.de/96486-bitte-um-fileauswertung-mcafee-rootkite-detective.html)

Pjong 13.03.2011 00:42

Request for a file analysis: McAfee Rootkit Detective
 
Hi,
I scanned the system with McAfee Rootkit Detective and found hidden entries.

Can anyone tell me whether something "bad" is hiding behind them?

Here is the report:


McAfee(R) Rootkit Detective 1.1 scan report
On 09-03-2011 at 21:47:31
OS-Version 5.1.2600
Service Pack 3.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: \SystemRoot\System32\drivers\sprt.sys

Object-Type: SSDT-hook
Object-Name: ZwEnumerateValueKey
Object-Path: \SystemRoot\System32\drivers\sprt.sys

Object-Type: SSDT-hook
Object-Name: ZwLoadKey2
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenKey
Object-Path: \SystemRoot\System32\drivers\sprt.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwQueryKey
Object-Path: \SystemRoot\System32\drivers\sprt.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryValueKey
Object-Path: \SystemRoot\System32\drivers\sprt.sys

Object-Type: SSDT-hook
Object-Name: ZwReplaceKey
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwRestoreKey
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: (NULL)

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SYSTEM_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_POWER
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CLEANUP
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_SHUTDOWN
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_INTERNAL_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_DEVICE_CONTROL
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_FLUSH_BUFFERS
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_WRITE
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_READ
Object-Path:

Object-Type: IRP-hook
Object-Name: \Driver\Ftdisk->IRP_MJ_CREATE
Object-Path:

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: jdgg40\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: ujdew
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: ujdew
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: ujdew
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000001ontrolSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: Registry-key
Object-Name: jdgg40\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 0D79C293C1ED61418462E24595C90D04td\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: 00000001ontrolSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Unable to access registry key

Object-Type: Registry-key
Object-Name: jdgg40\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Status: Hidden

Object-Type: Registry-value
Object-Name: (Default)
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Status: Unable to access registry key

Object-Type: Registry-value
Object-Name: ujdew
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Status: Hidden

Object-Type: Registry-value
Object-Name: a0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: ujdew
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Status: Hidden

Object-Type: Registry-value
Object-Name: p0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: ujdew
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Status: Hidden

Object-Type: Registry-value
Object-Name: s1
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: s2
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: g0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-value
Object-Name: h0
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg
Status: Hidden

Object-Type: Registry-key
Object-Name: DataEM\ControlSet001\Services\sptd\Cfg
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegSetValueExW =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegSetValueExA =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegOpenKeyW =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegOpenKeyExW =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegOpenKeyExA =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegOpenKeyA =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegCreateKeyW =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegCreateKeyA =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!InternetReadFileExW => 01EC0000 + 0xfb90
Object-Path: 01EC0000 + 0xfb90
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!InternetReadFileExA => 01EC0000 + 0xfb28
Object-Path: 01EC0000 + 0xfb28
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!InternetReadFile => 01EC0000 + 0xf9a4
Object-Path: 01EC0000 + 0xf9a4
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!InternetQueryDataAvailable => 01EC0000 + 0xf674
Object-Path: 01EC0000 + 0xf674
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!InternetConnectA => 01EC0000 + 0xd390
Object-Path: 01EC0000 + 0xd390
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!HttpSendRequestW => 01EC0000 + 0xec68
Object-Path: 01EC0000 + 0xec68
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!HttpSendRequestA => 01EC0000 + 0xe5a8
Object-Path: 01EC0000 + 0xe5a8
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!HttpOpenRequestA => 01EC0000 + 0xd684
Object-Path: 01EC0000 + 0xd684
Status: Hooked

Object-Type: Process
Object-Name: NMBgMonitor.exe
Pid: 1456
Object-Path: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
Status: Visible

Object-Type: Process
Object-Name: wmiapsrv.exe
Pid: 2076
Object-Path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 836
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: System Idle Process
Pid: 0
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: IGDCTRL.EXE
Pid: 1892
Object-Path: C:\Programme\FRITZ!DSL\IGDCTRL.EXE
Status: Visible

Object-Type: Process
Object-Name: IAAnotif.exe
Pid: 1148
Object-Path: C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
Status: Visible

Object-Type: Process
Object-Name: avgnt.exe
Pid: 1396
Object-Path: C:\Programme\Avira\AntiVir Desktop\avgnt.exe
Status: Visible

Object-Type: Process
Object-Name: igfxsrvc.exe
Pid: 1644
Object-Path: C:\WINDOWS\system32\igfxsrvc.exe
Status: Visible

Object-Type: Process
Object-Name: RTHDCPL.EXE
Pid: 1212
Object-Path: C:\WINDOWS\RTHDCPL.EXE
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 468
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 996
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: AntiSpyWare2Gua
Pid: 1308
Object-Path: C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1092
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1712
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 816
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: StCenter.exe
Pid: 1220
Object-Path: C:\Programme\FRITZ!DSL\StCenter.exe
Status: Visible

Object-Type: Process
Object-Name: avguard.exe
Pid: 1872
Object-Path: C:\Programme\Avira\AntiVir Desktop\avguard.exe
Status: Visible

Object-Type: Process
Object-Name: IAANTmon.exe
Pid: 1936
Object-Path: C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 1440
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1316
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: RtkBtMnt.exe
Pid: 3952
Object-Path: C:\DOKUME~1\ME\LOKALE~1\Temp\RtkBtMnt.exe
Status: Visible

Object-Type: Process
Object-Name: E_FATIFBE.EXE
Pid: 1504
Object-Path: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1132
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 3644
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: AntiSpyWareServ
Pid: 1816
Object-Path: C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
Status: Visible

Object-Type: Process
Object-Name: NMIndexStoreSvr
Pid: 2188
Object-Path: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1196
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1568
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: avshadow.exe
Pid: 484
Object-Path: C:\Programme\Avira\AntiVir Desktop\avshadow.exe
Status: Visible

Object-Type: Process
Object-Name: EEventManager.e
Pid: 1352
Object-Path: C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
Status: Visible

Object-Type: Process
Object-Name: msmsgs.exe
Pid: 1476
Object-Path: C:\Programme\Messenger\msmsgs.exe
Status: Visible

Object-Type: Process
Object-Name: StarWindService
Pid: 268
Object-Path: C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 2128
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 548
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: jqs.exe
Pid: 1976
Object-Path: C:\Programme\Java\jre6\bin\jqs.exe
Status: Visible

Object-Type: Process
Object-Name: FwebProt.exe
Pid: 1604
Object-Path: C:\Programme\FRITZ!DSL\FwebProt.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 396
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: hkcmd.exe
Pid: 1264
Object-Path: C:\WINDOWS\system32\hkcmd.exe
Status: Visible

Object-Type: Process
Object-Name: wscntfy.exe
Pid: 3496
Object-Path: C:\WINDOWS\system32\wscntfy.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 1016
Object-Path: C:\Dokumente und Einstellungen\ME\Eigene Dateien\Downloads\Mc A\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1792
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: sched.exe
Pid: 1668
Object-Path: C:\Programme\Avira\AntiVir Desktop\sched.exe
Status: Visible

Object-Type: Process
Object-Name: igfxtray.exe
Pid: 1236
Object-Path: C:\WINDOWS\system32\igfxtray.exe
Status: Visible

Object-Type: Process
Object-Name: firefox.exe
Pid: 1484
Object-Path: C:\Programme\Mozilla Firefox\firefox.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 524
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: igfxpers.exe
Pid: 1300
Object-Path: C:\WINDOWS\system32\igfxpers.exe
Status: Visible

Object-Type: Process
Object-Name: plugin-containe
Pid: 556
Object-Path: C:\Programme\Mozilla Firefox\plugin-container.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1052
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Scan complete. Hidden registry keys/values: 39

THANKS FOR YOUR HELP!!!
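As an added example that is not part of this thread and not McAfee's tooling, here is a small Python triage script for the Rootkit Detective report format posted above. It assumes the report is a sequence of blank-line separated "Key: value" records (the layout shown in the post), embeds a constructed excerpt that reuses names from the thread, and summarises what a helper looks at first: SSDT hooks that resolve to no module, hidden registry objects, and IAT/EAT hooks tied back to their owning process through the report's own Process records. It also cross-checks the tool's "Hidden registry keys/values" count against the records it parsed.

```python
"""Triage helper for McAfee Rootkit Detective 1.1 text reports (added example,
not part of the thread or of McAfee's tooling)."""
import re
from collections import defaultdict

# Constructed excerpt in the report's layout, reusing names from the thread.
SAMPLE_REPORT = r"""McAfee(R) Rootkit Detective 1.1 scan report

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwEnumerateKey
Object-Path: \SystemRoot\System32\drivers\sprt.sys

Object-Type: Registry-key
Object-Name: jdgg40
Object-Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\00000001\jdgg40
Status: Hidden

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : ADVAPI32.dll!RegOpenKeyW =>
Object-Path:
Status: Hooked

Object-Type: IAT/EAT-hook
PID: 1792
Details: Export : Function : WININET.dll!HttpSendRequestA => 01EC0000 + 0xe5a8
Object-Path: 01EC0000 + 0xe5a8
Status: Hooked

Object-Type: Process
Object-Name: explorer.exe
Pid: 1792
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Scan complete. Hidden registry keys/values: 1
"""


def parse_report(text):
    """Return the 'Key: value' records that carry an Object-Type; keys lower-cased."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(":")
        # A separator colon is followed by a space or ends the line; "21:47:31" is not one.
        if sep and (value == "" or value.startswith(" ")):
            current[key.strip().lower()] = value.strip()
    if current:
        records.append(current)
    return [r for r in records if "object-type" in r]


def triage(text):
    """Summarise what a helper looks at first; a verdict still needs the owning module."""
    records = parse_report(text)
    by_type = defaultdict(list)
    for r in records:
        by_type[r["object-type"]].append(r)
    # Process records map the PID of each IAT/EAT hook back to a process name.
    pid_to_name = {r.get("pid"): r.get("object-name") for r in by_type["Process"]}

    unresolved_ssdt, ssdt_by_module = [], defaultdict(list)
    for r in by_type["SSDT-hook"]:
        path = r.get("object-path", "")
        (unresolved_ssdt if path in ("", "(NULL)") else ssdt_by_module[path]).append(r["object-name"])

    hidden = [(r["object-type"], r.get("object-path", ""), r.get("object-name", ""))
              for r in records if r.get("status") == "Hidden"]
    hidden_registry = [h for h in hidden if h[0].startswith("Registry")]

    iat_hooks = []
    for r in by_type["IAT/EAT-hook"]:
        func, _, target = r.get("details", "").partition(" =>")
        iat_hooks.append((pid_to_name.get(r.get("pid"), "unknown"), r.get("pid"),
                          func.rsplit(" : ", 1)[-1].strip(), target.strip() or "(no target)"))

    m = re.search(r"Hidden registry keys/values:\s*(\d+)", text)
    reported = int(m.group(1)) if m else None
    return {
        "unresolved_ssdt": sorted(unresolved_ssdt),
        "ssdt_by_module": {k: sorted(v) for k, v in ssdt_by_module.items()},
        "hidden": hidden,
        "iat_hooks": iat_hooks,
        "reported_hidden": reported,
        "hidden_count_matches": reported == len(hidden_registry),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The summary is input for a human, not a verdict: a hooked service or a hidden key only becomes meaningful once the module behind it is identified, which the script deliberately leaves to the reader. Run it against a full report by reading the file into `triage()` instead of `SAMPLE_REPORT`.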

cosinus 14.03.2011 10:54

Hello and :hallo:

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from earlier Malwarebytes scans exist, please post all of those as well!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Pjong 15.03.2011 11:04

Will do!

Pjong 15.03.2011 17:06

Hi,

here is the report from Malwarebytes:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6062

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15.03.2011 16:57:31
mbam-log-2011-03-15 (16-57-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137917
Laufzeit: 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\setupr.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\ME\lokale einstellungen\Temp\0.099002723549523.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Pjong 15.03.2011 17:09

Here is OTL:
OTL Logfile:
Code:

OTL logfile created on: 15.03.2011 17:02:55 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\ME\Desktop\Scan
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
953,00 Mb Total Physical Memory | 471,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 0,56 Gb Free Space | 1,44% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 9,78 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
 
Computer Name: DAMPFMASCHINE | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.15 11:01:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ME\Desktop\Scan\OTL.exe
PRC - [2011.03.05 14:22:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.05.30 21:31:50 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.07.15 09:44:24 | 002,376,536 | ---- | M] (Ashampoo GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
PRC - [2009.07.15 09:44:18 | 000,749,912 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
PRC - [2009.04.07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.09.27 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
PRC - [2008.05.07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.05.07 16:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.16 18:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.16 17:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005.11.21 10:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.11.15 02:07:28 | 000,917,504 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2005.11.15 02:07:28 | 000,679,936 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.15 11:01:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Me\Desktop\Scan\OTL.exe
MOD - [2009.07.14 02:31:34 | 000,311,808 | ---- | M] (Ashampoo GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
MOD - [2008.04.14 06:50:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.19 14:35:23 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.07.15 09:44:18 | 000,749,912 | ---- | M] () [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe -- (AASW2_Service)
SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.05.07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2005.11.21 10:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 09:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.09 21:09:30 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\d99A.sys -- (d99A)
DRV - [2011.01.10 14:23:16 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.10 14:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.30 22:42:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.30 22:37:04 | 001,574,112 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.06.14 01:11:16 | 004,754,944 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.30 00:09:56 | 000,108,032 | R--- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.03.19 22:26:24 | 000,175,104 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: alarm@gutscheinsammler.de:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.05 14:22:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.05 14:22:56 | 000,000,000 | ---D | M]
 
[2010.05.30 21:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Extensions
[2011.03.15 10:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Firefox\Profiles\ldnv2msn.default\extensions
[2011.03.05 11:24:18 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Firefox\Profiles\ldnv2msn.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011.02.23 19:18:43 | 000,000,000 | ---D | M] (Gutscheinsammler.de) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Firefox\Profiles\ldnv2msn.default\extensions\alarm@gutscheinsammler.de
[2011.03.15 10:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.11 16:35:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.28 00:05:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.28 00:05:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 00:05:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.28 00:05:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.28 00:05:33 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.30 22:47:16 | 000,000,972 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 CD and DVD Burning Software - Alcohol Soft copy and virtual drive software Alcohol 120 and 52% Free Edition
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe (Ashampoo GmbH & Co. KG)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281174360453 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.30 18:07:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell - "" = AutoRun
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell - "" = AutoRun
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.15 10:44:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Malwarebytes
[2011.03.15 10:41:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.03.15 10:41:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.03.15 10:41:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.03.15 10:41:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.03.15 10:41:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.10 19:47:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Desktop\movies
[2011.03.09 21:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011.03.09 21:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Desktop\Scan
[2011.03.08 22:52:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira
[2011.03.08 22:50:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.03.01 21:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Avira
[2011.03.01 21:43:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.03.01 21:43:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.03.01 21:43:30 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.03.01 21:43:30 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.03.01 21:43:30 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.03.01 21:43:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.03.01 21:43:30 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.03.01 21:43:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.03.01 21:23:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.28 21:57:03 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011.02.28 21:47:21 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011.02.28 21:47:21 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011.02.28 21:47:19 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011.02.28 21:47:19 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011.02.28 21:46:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\G Data
[2011.02.28 21:46:38 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2011.02.28 21:46:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2011.02.28 21:46:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011.02.28 21:44:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2010.06.12 22:55:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.15 17:00:01 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.03.15 16:59:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.15 10:41:26 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.14 01:45:30 | 000,079,360 | ---- | M] () -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.14 01:45:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.03.12 12:39:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.09 21:39:27 | 000,000,196 | -HS- | M] () -- C:\WINDOWS\System32\drivers\afe17.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | M] () -- C:\WINDOWS\System32\drivers\4c416.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | M] () -- C:\WINDOWS\System32\drivers\02615.DAT
[2011.03.09 21:09:30 | 000,054,624 | ---- | M] () -- C:\WINDOWS\System32\d99A.sys
[2011.03.09 21:09:09 | 002,335,270 | ---- | M] () -- C:\WINDOWS\System32\9556.mht
[2011.03.09 12:19:06 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2011.03.05 09:20:00 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.01 23:38:03 | 000,000,675 | ---- | M] () -- C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2011.03.01 21:43:38 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.02.28 21:57:03 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011.02.28 21:47:21 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011.02.28 21:47:21 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011.02.28 21:47:19 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011.02.28 21:47:19 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011.02.23 19:58:38 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.02.19 15:32:47 | 002,913,532 | ---- | M] () -- C:\Dokumente und Einstellungen\ME\Desktop\IMG_3535.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.15 10:41:26 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\afe17.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\4c416.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\02615.DAT
[2011.03.09 21:09:30 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\d99A.sys
[2011.03.09 21:09:09 | 002,335,270 | ---- | C] () -- C:\WINDOWS\System32\9556.mht
[2011.03.01 23:38:03 | 000,000,675 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2011.03.01 21:43:38 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.02.19 15:32:47 | 002,913,532 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Desktop\IMG_3535.jpg
[2011.01.23 17:52:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.07.31 14:14:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010.07.31 11:13:27 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.07.31 11:13:27 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.07.31 11:13:27 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.07.31 11:13:27 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.07.31 11:13:27 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.07.31 11:13:27 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.07.31 11:13:27 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.07.31 11:13:27 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.07.31 11:13:27 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.07.31 11:13:27 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.07.31 11:13:27 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.07.31 11:13:27 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.07.31 11:13:27 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.07.31 11:13:27 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.07.31 11:13:27 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.07.31 11:13:27 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.07.31 11:13:27 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.07.31 11:13:27 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.07.31 11:13:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.06.12 22:55:25 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\inst.exe
[2010.06.12 22:55:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\pcouffin.cat
[2010.06.12 22:55:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\pcouffin.inf
[2010.06.08 19:55:47 | 000,079,360 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 20:17:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010.05.31 20:49:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.31 01:12:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.31 01:11:18 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.30 22:51:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.05.30 21:58:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.30 21:30:20 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2010.05.30 21:30:16 | 001,991,464 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010.05.30 21:30:16 | 000,432,400 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010.05.30 18:09:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.30 18:05:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,316,838 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 13:00:00 | 000,311,802 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,048,354 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,040,190 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.04.04 12:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005.04.04 12:35:24 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
 
========== LOP Check ==========
 
[2010.06.12 15:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiSpyInfo
[2010.08.09 19:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.03.01 21:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2010.05.30 22:59:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.07.31 11:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.12.26 13:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Epson
[2011.03.15 16:58:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\FRITZ!
[2010.10.19 16:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\TeamViewer
[2010.05.30 22:59:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\TuneUp Software
[2010.06.12 22:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Vso
[2011.03.15 17:00:01 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2011.03.09 12:19:06 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Report no. 2: OTL logfile:
Code:

OTL Extras logfile created on: 15.03.2011 17:02:55 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\ME\Desktop\Scan
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
953,00 Mb Total Physical Memory | 471,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 0,56 Gb Free Space | 1,44% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 9,78 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
 
Computer Name: DAMPFMASCHINE | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{235BBFC6-D863-4066-A01A-3BD504C31031}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo AntiSpyWare 2_is1" = Ashampoo AntiSpyWare 2.10
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FRITZ!DSL" = AVM FRITZ!DSL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2011 19:33:51 | Computer Name = DAMPFMASCHINE | Source = ESENT | ID = 490
Description = svchost (1044) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 27.02.2011 04:34:25 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 27.02.2011 16:00:01 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 28.02.2011 05:06:51 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 28.02.2011 15:52:13 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 28.02.2011 16:28:47 | Computer Name = DAMPFMASCHINE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung antispyware2guard.exe, Version 2.0.0.0,
fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 03.03.2011 15:32:52 | Computer Name = DAMPFMASCHINE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 09.03.2011 16:22:26 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 10.03.2011 14:29:28 | Computer Name = DAMPFMASCHINE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
 
Error - 14.03.2011 17:14:30 | Computer Name = DAMPFMASCHINE | Source = ESENT | ID = 490
Description = svchost (1048) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
[ System Events ]
Error - 14.03.2011 16:53:33 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 14.03.2011 17:14:08 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 04:17:05 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 05:21:25 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 06:07:00 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7034
Description = Dienst "Ashampoo AntiSpyWare 2 Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
 
Error - 15.03.2011 06:07:51 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 11:39:42 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 11:58:56 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7034
Description = Dienst "Ashampoo AntiSpyWare 2 Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
 
Error - 15.03.2011 11:59:47 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 11:59:53 | Computer Name = DAMPFMASCHINE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
 
< End of report >

--- --- ---

Pjong 15.03.2011 17:09

Error --> deleted

cosinus 15.03.2011 21:09

Quote:

Art des Suchlaufs: Quick-Scan
I wanted to see a full scan...

Pjong 16.03.2011 19:47

Sorry, here is the full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6062

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.03.2011 19:36:36
mbam-log-2011-03-16 (19-36-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 171783
Laufzeit: 16 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\config\systemprofile\lokale einstellungen\temporary internet files\Content.IE5\Q3Y31QCM\gts[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\lokale einstellungen\temporary internet files\Content.IE5\Q3Y31QCM\jts[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\lokale einstellungen\temporary internet files\Content.IE5\Q3Y31QCM\kts[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.

THANKS!

cosinus 16.03.2011 19:58

Please make fresh logs with OTL.exe and post them.

Pjong 16.03.2011 23:50

Hi,

here are the OTL logs


No. 1 OTL Logfile:
Code:

OTL logfile created on: 16.03.2011 23:42:41 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\ME\Desktop\Scan
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
953,00 Mb Total Physical Memory | 435,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 1,82 Gb Free Space | 4,67% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 9,79 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
 
Computer Name: DAMPFMASCHINE | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.15 11:01:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ME\Desktop\Scan\OTL.exe
PRC - [2011.03.05 14:22:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.05.30 21:31:50 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.07.15 09:44:24 | 002,376,536 | ---- | M] (Ashampoo GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
PRC - [2009.07.15 09:44:18 | 000,749,912 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
PRC - [2009.04.07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.09.27 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
PRC - [2008.05.07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.05.07 16:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.16 18:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.16 17:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2005.11.21 10:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.11.15 02:07:28 | 000,917,504 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2005.11.15 02:07:28 | 000,679,936 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.15 11:01:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ME\Desktop\Scan\OTL.exe
MOD - [2009.07.14 02:31:34 | 000,311,808 | ---- | M] (Ashampoo GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
MOD - [2008.04.14 06:50:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.01.10 14:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.10 14:22:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.19 14:35:23 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.07.15 09:44:18 | 000,749,912 | ---- | M] () [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe -- (AASW2_Service)
SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.05.07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2005.11.21 10:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 09:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.09 21:09:30 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\d99A.sys -- (d99A)
DRV - [2011.01.10 14:23:16 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.10 14:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 14:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.30 22:42:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.30 22:37:04 | 001,574,112 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.06.14 01:11:16 | 004,754,944 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.30 00:09:56 | 000,108,032 | R--- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.03.19 22:26:24 | 000,175,104 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: alarm@gutscheinsammler.de:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.05 14:22:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.05 14:22:56 | 000,000,000 | ---D | M]
 
[2010.05.30 21:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Extensions
[2011.03.15 10:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Firefox\Profiles\ldnv2msn.default\extensions
[2011.03.05 11:24:18 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Firefox\Profiles\ldnv2msn.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011.02.23 19:18:43 | 000,000,000 | ---D | M] (Gutscheinsammler.de) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Mozilla\Firefox\Profiles\ldnv2msn.default\extensions\alarm@gutscheinsammler.de
[2011.03.15 10:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.11 16:35:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.28 00:05:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.28 00:05:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 00:05:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.28 00:05:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.28 00:05:33 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.30 22:47:16 | 000,000,972 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe (Ashampoo GmbH & Co. KG)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281174360453 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.30 18:07:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell - "" = AutoRun
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell - "" = AutoRun
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.15 10:44:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Malwarebytes
[2011.03.15 10:41:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.03.15 10:41:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.03.15 10:41:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.03.15 10:41:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.03.15 10:41:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.10 19:47:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Desktop\movies
[2011.03.09 21:21:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011.03.09 21:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Desktop\Scan
[2011.03.08 22:52:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira
[2011.03.08 22:50:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.03.01 21:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Avira
[2011.03.01 21:43:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.03.01 21:43:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.03.01 21:43:30 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.03.01 21:43:30 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.03.01 21:43:30 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.03.01 21:43:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.03.01 21:43:30 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.03.01 21:43:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.03.01 21:23:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.28 21:57:03 | 000,068,976 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011.02.28 21:47:21 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011.02.28 21:47:21 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011.02.28 21:47:19 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011.02.28 21:47:19 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011.02.28 21:46:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\G Data
[2011.02.28 21:46:38 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2011.02.28 21:46:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2011.02.28 21:46:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011.02.28 21:44:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2010.06.12 22:55:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.16 23:26:20 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.03.16 23:26:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.15 10:41:26 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.14 01:45:30 | 000,079,360 | ---- | M] () -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.14 01:45:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.03.12 12:39:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.09 21:39:27 | 000,000,196 | -HS- | M] () -- C:\WINDOWS\System32\drivers\afe17.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | M] () -- C:\WINDOWS\System32\drivers\4c416.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | M] () -- C:\WINDOWS\System32\drivers\02615.DAT
[2011.03.09 21:09:30 | 000,054,624 | ---- | M] () -- C:\WINDOWS\System32\d99A.sys
[2011.03.09 21:09:09 | 002,335,270 | ---- | M] () -- C:\WINDOWS\System32\9556.mht
[2011.03.09 12:19:06 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2011.03.05 09:20:00 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.03.01 23:38:03 | 000,000,675 | ---- | M] () -- C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2011.03.01 21:43:38 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.02.28 21:57:03 | 000,068,976 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011.02.28 21:47:21 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011.02.28 21:47:21 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDNdisIc.sys
[2011.02.28 21:47:19 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011.02.28 21:47:19 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011.02.23 19:58:38 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.02.19 15:32:47 | 002,913,532 | ---- | M] () -- C:\Dokumente und Einstellungen\ME\Desktop\IMG_3535.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.15 10:41:26 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\afe17.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\4c416.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\02615.DAT
[2011.03.09 21:09:30 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\d99A.sys
[2011.03.09 21:09:09 | 002,335,270 | ---- | C] () -- C:\WINDOWS\System32\9556.mht
[2011.03.01 23:38:03 | 000,000,675 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
[2011.03.01 21:43:38 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.02.19 15:32:47 | 002,913,532 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Desktop\IMG_3535.jpg
[2011.01.23 17:52:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.07.31 14:14:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010.07.31 11:13:27 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.07.31 11:13:27 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.07.31 11:13:27 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.07.31 11:13:27 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.07.31 11:13:27 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.07.31 11:13:27 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.07.31 11:13:27 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.07.31 11:13:27 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.07.31 11:13:27 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.07.31 11:13:27 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.07.31 11:13:27 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.07.31 11:13:27 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.07.31 11:13:27 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.07.31 11:13:27 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.07.31 11:13:27 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.07.31 11:13:27 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.07.31 11:13:27 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.07.31 11:13:27 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.07.31 11:13:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.06.12 22:55:25 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\inst.exe
[2010.06.12 22:55:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\pcouffin.cat
[2010.06.12 22:55:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\pcouffin.inf
[2010.06.08 19:55:47 | 000,079,360 | ---- | C] () -- C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 20:17:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010.05.31 20:49:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.31 01:12:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.31 01:11:18 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.30 22:51:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.05.30 21:58:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.30 21:30:20 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2010.05.30 21:30:16 | 001,991,464 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010.05.30 21:30:16 | 000,432,400 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010.05.30 18:09:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.30 18:05:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,316,838 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 13:00:00 | 000,311,802 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,048,354 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,040,190 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.04.04 12:52:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005.04.04 12:35:24 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
 
========== LOP Check ==========
 
[2010.06.12 15:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiSpyInfo
[2010.08.09 19:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.03.01 21:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2010.05.30 22:59:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.07.31 11:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.12.26 13:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Epson
[2011.03.16 21:05:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\FRITZ!
[2010.10.19 16:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\TeamViewer
[2010.05.30 22:59:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\TuneUp Software
[2010.06.12 22:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Vso
[2011.03.16 23:26:20 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2011.03.09 12:19:06 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


No. 2 OTL logfile:
Code:

OTL Extras logfile created on: 16.03.2011 23:42:41 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\ME\Desktop\Scan
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
953,00 Mb Total Physical Memory | 435,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 1,82 Gb Free Space | 4,67% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 9,79 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
 
Computer Name: DAMPFMASCHINE | User Name: ME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{235BBFC6-D863-4066-A01A-3BD504C31031}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo AntiSpyWare 2_is1" = Ashampoo AntiSpyWare 2.10
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FRITZ!DSL" = AVM FRITZ!DSL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2011 19:33:51 | Computer Name = DAMPFMASCHINE | Source = ESENT | ID = 490
Description = svchost (1044) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 27.02.2011 04:34:25 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 27.02.2011 16:00:01 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 28.02.2011 05:06:51 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 28.02.2011 15:52:13 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 28.02.2011 16:28:47 | Computer Name = DAMPFMASCHINE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung antispyware2guard.exe, Version 2.0.0.0,
fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
 
Error - 03.03.2011 15:32:52 | Computer Name = DAMPFMASCHINE | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 09.03.2011 16:22:26 | Computer Name = DAMPFMASCHINE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
 zurückgegeben.  .
 
Error - 10.03.2011 14:29:28 | Computer Name = DAMPFMASCHINE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
 
Error - 14.03.2011 17:14:30 | Computer Name = DAMPFMASCHINE | Source = ESENT | ID = 490
Description = svchost (1048) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
[ System Events ]
Error - 15.03.2011 11:58:56 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7034
Description = Dienst "Ashampoo AntiSpyWare 2 Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
 
Error - 15.03.2011 11:59:47 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 11:59:53 | Computer Name = DAMPFMASCHINE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 15.03.2011 18:04:38 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 15.03.2011 18:47:54 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.03.2011 14:16:19 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.03.2011 14:39:24 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7034
Description = Dienst "Ashampoo AntiSpyWare 2 Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
 
Error - 16.03.2011 14:40:18 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.03.2011 14:40:29 | Computer Name = DAMPFMASCHINE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 16.03.2011 18:26:14 | Computer Name = DAMPFMASCHINE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "afe17" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
 
< End of report >

--- --- ---

Night

See you...

cosinus 17.03.2011 09:29

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\afe17.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\4c416.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\02615.DAT
[2011.03.09 21:09:30 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\d99A.sys
[2011.03.09 21:09:09 | 002,335,270 | ---- | C] () -- C:\WINDOWS\System32\9556.mht
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell - "" = AutoRun
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell - "" = AutoRun
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, for safety; a backup copy is created on the system partition in the folder "_OTL".
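
The fix script above names five files and two AutoRun mount points without saying why they were picked. The reasoning is visible in the logs in this thread: the three .DAT files in System32\drivers carry hidden+system attributes (-HS-) and share their five-character names with services that ComboFix later lists with a missing .SYS binary ("[?]"), which is also why the System event log keeps reporting that service "afe17" could not start. The following Python script is an added example for this thread, not part of OTL, ComboFix or the forum's own tooling; it parses OTL file entries and ComboFix service entries (sample lines copied from the logs posted here, with one benign line in each for contrast) and cross-checks them the way a helper would when triaging such a log.

```python
"""Triage helper for OTL file entries and ComboFix service entries.

Added example for this thread, not part of OTL, ComboFix or the forum's own
tooling. It encodes the reasoning behind the fix script: hidden+system files
in the drivers folder whose names match services whose .SYS binary ComboFix
could not find ("[?]").
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL and ComboFix logs in this thread,
# plus one benign line in each (bootstat.dat, sptd) for contrast.
OTL_SAMPLE = r"""
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\afe17.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\4c416.DAT
[2011.03.09 21:39:27 | 000,000,196 | -HS- | C] () -- C:\WINDOWS\System32\drivers\02615.DAT
[2011.03.09 21:09:30 | 000,054,624 | ---- | C] () -- C:\WINDOWS\System32\d99A.sys
[2010.05.30 18:09:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
"""
COMBOFIX_SAMPLE = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.05.2010 22:24 691696]
S0 02615;02615;c:\windows\system32\drivers\02615.SYS --> c:\windows\system32\drivers\02615.SYS [?]
S1 4c416;4c416;\??\c:\windows\system32\drivers\4c416.SYS --> c:\windows\system32\drivers\4c416.SYS [?]
S2 afe17;afe17;\??\c:\windows\system32\drivers\afe17.SYS --> c:\windows\system32\drivers\afe17.SYS [?]
S3 d99A;d99A;\??\c:\windows\system32\d99A.sys --> c:\windows\system32\d99A.sys [?]
"""

# OTL: "[date time | size | attributes | C(reated)/M(odified)] (company) -- path"
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# ComboFix: "<R|S><start type> <name>;<display name>;<path> [...]"
SERVICE_ENTRY = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attributes: str  # four flags, e.g. "-HS-" = hidden + system
    path: str


@dataclass
class ServiceEntry:
    start: str            # R = running, S = stopped; digit = start type
    name: str
    path: str
    binary_missing: bool  # ComboFix appends "[?]" when the file is not found


def stem(path):
    """File name without directory and extension, lower-cased for matching."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def parse_otl_line(line):
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attr"], m["path"])


def parse_combofix_service(line):
    m = SERVICE_ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    # keep only the registry-configured path; strip the NT "\??\" prefix
    path = rest.split(" --> ")[0].split(" [")[0].replace("\\??\\", "")
    return ServiceEntry(m["start"], m["name"], path, rest.endswith("[?]"))


def triage(otl_text, combofix_text):
    """Return one finding dict per suspicious item, in log order."""
    entries = [e for e in map(parse_otl_line, otl_text.strip().splitlines()) if e]
    services = [s for s in map(parse_combofix_service, combofix_text.strip().splitlines()) if s]
    otl_by_stem = {stem(e.path): e for e in entries}
    findings = []
    for e in entries:
        if "H" in e.attributes and "S" in e.attributes and "\\system32\\drivers\\" in e.path.lower():
            findings.append({"kind": "hidden-system-driver-file", "item": e.path,
                             "why": f"attributes {e.attributes} in the drivers folder"})
    for s in services:
        if not s.binary_missing:
            continue
        why = "service binary not found"
        companion = otl_by_stem.get(stem(s.path))
        if companion is not None:
            why += f"; OTL listed {companion.path} with the same name"
        findings.append({"kind": "service-missing-binary", "item": s.name, "why": why})
    return findings


if __name__ == "__main__":
    for f in triage(OTL_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{f['kind']:<26} {f['item']:<44} {f['why']}")
```

Run stand-alone it prints seven findings: the three -HS- .DAT files, then the four services (02615, 4c416, afe17, d99A) whose binaries are missing, each annotated with the OTL entry of the same name. The attribute and name-matching checks are heuristics taken from this thread's logs, not a general malware rule; a hit is a reason to look closer, not a verdict.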

Pjong 17.03.2011 23:43

Hi,

here is the file.

All processes killed
========== OTL ==========
C:\WINDOWS\system32\drivers\afe17.DAT moved successfully.
C:\WINDOWS\system32\drivers\4c416.DAT moved successfully.
C:\WINDOWS\system32\drivers\02615.DAT moved successfully.
C:\WINDOWS\system32\d99A.sys moved successfully.
C:\WINDOWS\system32\9556.mht moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644d6c9c-0522-11e0-a28d-0017c4a957b0}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4ece0bf-9692-11df-a0c4-0017c4a957b0}\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ME
->Temp folder emptied: 39793671 bytes
->Temporary Internet Files folder emptied: 4885965 bytes
->Java cache emptied: 11170091 bytes
->FireFox cache emptied: 55407343 bytes
->Flash cache emptied: 2885184 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168434 bytes
%systemroot%\System32 .tmp files removed: 2840455 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1398745 bytes
RecycleBin emptied: 3968836823 bytes

Total Files Cleaned = 3.900,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03172011_233551

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

THX and night

cosinus 18.03.2011 12:00

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your reply ([Ctrl]v). The file can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Pjong 19.03.2011 17:21

Hi,
it's me again

Here is the file:
ComboFix logfile:
Code:

ComboFix 11-03-18.05 - ME 19.03.2011  17:11:32.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.953.636 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\ME\Desktop\Scan\ComboFix.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\ME\Anwendungsdaten\inst.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-19 bis 2011-03-19  ))))))))))))))))))))))))))))))
.
.
2011-03-19 16:00 . 2011-03-19 16:00        --------        d-----w-        c:\programme\CCleaner
2011-03-17 22:35 . 2011-03-17 22:35        --------        d-----w-        C:\_OTL
2011-03-15 09:44 . 2011-03-15 09:44        --------        d-----w-        c:\dokumente und einstellungen\ME\Anwendungsdaten\Malwarebytes
2011-03-15 09:41 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 09:41 . 2011-03-15 09:41        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-03-15 09:41 . 2011-03-15 09:44        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-03-15 09:41 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-08 21:52 . 2011-03-08 21:52        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avira
2011-03-08 21:50 . 2011-03-08 21:50        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\IETldCache
2011-03-08 21:49 . 2011-03-08 21:49        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2011-03-01 20:49 . 2011-03-01 20:49        --------        d-----w-        c:\dokumente und einstellungen\ME\Anwendungsdaten\Avira
2011-03-01 20:43 . 2011-03-17 19:43        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-01 20:43 . 2011-03-01 20:43        --------        d-----w-        c:\programme\Avira
2011-03-01 20:43 . 2011-03-01 20:43        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2011-03-01 20:43 . 2011-01-10 13:23        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-03-01 20:43 . 2010-06-17 13:27        45416        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2011-03-01 20:43 . 2010-06-17 13:27        22360        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2011-02-28 20:57 . 2011-02-28 20:57        68976        ----a-w-        c:\windows\system32\drivers\GRD.sys
2011-02-28 20:47 . 2011-02-28 20:47        51400        ----a-w-        c:\windows\system32\drivers\GDTdiIcpt.sys
2011-02-28 20:47 . 2011-02-28 20:47        29640        ----a-w-        c:\windows\system32\drivers\GDNdisIc.sys
2011-02-28 20:47 . 2011-02-28 20:47        62024        ----a-w-        c:\windows\system32\drivers\MiniIcpt.sys
2011-02-28 20:47 . 2011-02-28 20:47        33480        ----a-w-        c:\windows\system32\drivers\GDBehave.sys
2011-02-28 20:46 . 2011-03-01 20:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\G DATA
2011-02-28 20:46 . 2011-03-01 20:23        --------        d-----w-        c:\programme\Gemeinsame Dateien\G Data
2011-02-28 20:46 . 2011-03-01 20:23        --------        d-----w-        c:\programme\G Data
2011-02-28 20:44 . 2011-02-28 20:44        --------        d-----w-        c:\dokumente und einstellungen\ME\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2011-02-27 22:56 . 2011-02-27 22:56        --------        d-sh--w-        c:\windows\system32\config\systemprofile\IETldCache
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 23:16 . 2011-02-09 23:16        29184        ----a-r-        c:\dokumente und einstellungen\ME\Anwendungsdaten\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"'Ashampoo AntiSpyWare 2 Guard'"="c:\programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-07-15 2376536]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\ME\Startmenü\Programme\Autostart\
FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2010-6-7 917504]
FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2010-6-7 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40        155648        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.05.2010 22:24 691696]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [12.06.2010 23:04 749912]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [01.03.2011 21:43 135336]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [30.05.2010 21:23 108032]
S0 02615;02615;c:\windows\system32\drivers\02615.SYS --> c:\windows\system32\drivers\02615.SYS [?]
S1 4c416;4c416;\??\c:\windows\system32\drivers\4c416.SYS --> c:\windows\system32\drivers\4c416.SYS [?]
S2 afe17;afe17;\??\c:\windows\system32\drivers\afe17.SYS --> c:\windows\system32\drivers\afe17.SYS [?]
S3 d99A;d99A;\??\c:\windows\system32\d99A.sys --> c:\windows\system32\d99A.sys [?]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
.
--- Other services/drivers in memory ---
.
*Deregistered* - mchInjDrv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the "Scheduled Tasks" folder
.
2011-03-19 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2010-09-07 17:47]
.
2011-03-19 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\programme\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]
.
.
------- Supplementary scan -------
.
uStart Page = about:blank
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\FRITZ!DSL\sarah.dll
FF - ProfilePath - c:\dokumente und einstellungen\ME\Anwendungsdaten\Mozilla\Firefox\Profiles\ldnv2msn.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Gutscheinsammler.de: alarm@gutscheinsammler.de - %profile%\extensions\alarm@gutscheinsammler.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-19 17:13
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'lsass.exe'(772)
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll
c:\programme\FRITZ!DSL\avmcsock.dll
c:\programme\FRITZ!DSL\avmufc.dll
.
Completion time: 2011-03-19  17:14:39
ComboFix-quarantined-files.txt  2011-03-19 16:14
.
Before scan: 5.917.106.176 bytes free
After scan: 5.875.068.928 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 860AF893F9CFE157A2E51A12347C2AA5

--- --- ---
Best regards
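The service/driver rows and the Run values in the ComboFix log above are the part a reviewer reads first: the `[?]` suffix marks a registered service whose image ComboFix could not find on disk, and a Run value that is not an absolute path is resolved through the search path at logon. The Python script below is an added example, not ComboFix code and not part of the original post; it parses those two row formats and flags the entries worth chasing. The sample rows are copied from the log above, and the two flagging rules (missing image, unqualified Run path) are this script's own heuristics.

```python
"""Triage helper for the ComboFix services/drivers and registry Run sections
quoted above.  Added example, not ComboFix code or the poster's; the sample
lines are copied from the log in this thread and the flagging rules are this
script's own heuristics."""
import re
from dataclasses import dataclass

# ComboFix service row: R = running, S = stopped, digit = Windows start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled); then
#   name;display name;image path [dd.mm.yyyy hh:mm size]
# or "registered --> resolved [?]" when the image is not on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<stamp>[^\]]*)\]$"
)
# Registry Run value as ComboFix prints it: "Name"="image" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<image>[^"]*)"\s+\[(?P<stamp>[^\]]*)\]$')
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class Finding:
    kind: str    # "service" or "run"
    name: str
    image: str
    reason: str


def parse_services(lines):
    """Return (name, start type, resolved image path, file present) per service row."""
    rows = []
    for raw in lines:
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        image = m["image"]
        # "registered --> resolved [?]": ComboFix could not find the image.
        if " --> " in image:
            image = image.split(" --> ", 1)[1]
        rows.append((m["name"], int(m["start"]), image, m["stamp"] != "?"))
    return rows


def triage(lines):
    """Flag service rows whose driver file is missing (a typical leftover of an
    uninstalled product or of removed malware) and Run values that are not an
    absolute path, which Windows resolves through the search path at logon."""
    findings = []
    for name, start, image, present in parse_services(lines):
        if not present:
            findings.append(Finding("service", name, image,
                                    f"{START_TYPE[start]}-start entry, image not on disk"))
    for raw in lines:
        m = RUN_RE.match(raw.strip())
        if m and not re.match(r"^[A-Za-z]:\\", m["image"]):
            findings.append(Finding("run", m["name"], m["image"],
                                    "unqualified image path, verify which file runs"))
    return findings


# Constructed sample: rows copied from the ComboFix log above.
SAMPLE_LINES = r'''
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.05.2010 22:24 691696]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [01.03.2011 21:43 135336]
S0 02615;02615;c:\windows\system32\drivers\02615.SYS --> c:\windows\system32\drivers\02615.SYS [?]
S1 4c416;4c416;\??\c:\windows\system32\drivers\4c416.SYS --> c:\windows\system32\drivers\4c416.SYS [?]
S2 afe17;afe17;\??\c:\windows\system32\drivers\afe17.SYS --> c:\windows\system32\drivers\afe17.SYS [?]
S3 d99A;d99A;\??\c:\windows\system32\d99A.sys --> c:\windows\system32\d99A.sys [?]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
'''.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:8} {f.name:26} {f.image}\n         {f.reason}")
```

Run it over a whole ComboFix log and the output is the short list to look at: for the log above it is the five stopped drivers with no file on disk plus the one Run value given as a bare file name. A missing image is not by itself a verdict, but the random-looking names and boot/system start types are why such rows get asked about in a thread like this.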

cosinus 19.03.2011 20:47

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Pjong 19.03.2011 23:29

Hi,

here it is:

2011/03/19 23:26:42.0140 3332 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/19 23:26:43.0562 3332 ================================================================================
2011/03/19 23:26:43.0562 3332 SystemInfo:
2011/03/19 23:26:43.0562 3332
2011/03/19 23:26:43.0562 3332 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/19 23:26:43.0562 3332 Product type: Workstation
2011/03/19 23:26:43.0562 3332 ComputerName: DAMPFMASCHINE
2011/03/19 23:26:43.0562 3332 UserName: ME
2011/03/19 23:26:43.0562 3332 Windows directory: C:\WINDOWS
2011/03/19 23:26:43.0562 3332 System windows directory: C:\WINDOWS
2011/03/19 23:26:43.0562 3332 Processor architecture: Intel x86
2011/03/19 23:26:43.0562 3332 Number of processors: 1
2011/03/19 23:26:43.0562 3332 Page size: 0x1000
2011/03/19 23:26:43.0562 3332 Boot type: Normal boot
2011/03/19 23:26:43.0562 3332 ================================================================================
2011/03/19 23:26:44.0390 3332 Initialize success
2011/03/19 23:26:48.0328 3292 ================================================================================
2011/03/19 23:26:48.0328 3292 Scan started
2011/03/19 23:26:48.0328 3292 Mode: Manual;
2011/03/19 23:26:48.0328 3292 ================================================================================
2011/03/19 23:26:48.0875 3292 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/19 23:26:48.0906 3292 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/19 23:26:49.0000 3292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/19 23:26:49.0062 3292 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/19 23:26:49.0312 3292 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/03/19 23:26:49.0421 3292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/19 23:26:49.0468 3292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/03/19 23:26:49.0515 3292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/19 23:26:49.0578 3292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/19 23:26:49.0703 3292 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/03/19 23:26:49.0734 3292 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/19 23:26:49.0796 3292 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/19 23:26:49.0875 3292 b57w2k (559ddda2c88459478056174247706deb) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/03/19 23:26:49.0906 3292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/19 23:26:50.0046 3292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/19 23:26:50.0078 3292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/19 23:26:50.0125 3292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/19 23:26:50.0187 3292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/19 23:26:50.0250 3292 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/19 23:26:50.0281 3292 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/19 23:26:50.0406 3292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/19 23:26:50.0468 3292 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/19 23:26:50.0562 3292 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/19 23:26:50.0609 3292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/19 23:26:50.0671 3292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/19 23:26:50.0734 3292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/19 23:26:50.0781 3292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/19 23:26:50.0843 3292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/19 23:26:50.0921 3292 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/19 23:26:50.0968 3292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/19 23:26:51.0015 3292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/19 23:26:51.0046 3292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/19 23:26:51.0078 3292 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/19 23:26:51.0125 3292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/19 23:26:51.0156 3292 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/19 23:26:51.0187 3292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/19 23:26:51.0265 3292 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/19 23:26:51.0312 3292 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/19 23:26:51.0515 3292 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/19 23:26:51.0718 3292 iaStor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/03/19 23:26:51.0750 3292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/19 23:26:51.0937 3292 IntcAzAudAddService (74b482f8b2a9ebe8473381a7a58f801d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/19 23:26:52.0046 3292 IntcHdmiAddService (331244286fa249f2456e6d78fda4a93e) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2011/03/19 23:26:52.0109 3292 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/19 23:26:52.0156 3292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/19 23:26:52.0203 3292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/19 23:26:52.0250 3292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/19 23:26:52.0281 3292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/19 23:26:52.0312 3292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/19 23:26:52.0359 3292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/19 23:26:52.0390 3292 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/19 23:26:52.0437 3292 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/19 23:26:52.0484 3292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/19 23:26:52.0531 3292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/19 23:26:52.0609 3292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/19 23:26:52.0671 3292 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/19 23:26:52.0703 3292 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/19 23:26:52.0765 3292 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/19 23:26:52.0812 3292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/19 23:26:52.0859 3292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/19 23:26:52.0921 3292 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/19 23:26:52.0968 3292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/19 23:26:53.0015 3292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/19 23:26:53.0046 3292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/19 23:26:53.0078 3292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/19 23:26:53.0125 3292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/19 23:26:53.0171 3292 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/19 23:26:53.0250 3292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/19 23:26:53.0296 3292 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/19 23:26:53.0328 3292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/19 23:26:53.0359 3292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/19 23:26:53.0375 3292 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/19 23:26:53.0421 3292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/19 23:26:53.0453 3292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/19 23:26:53.0515 3292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/19 23:26:53.0562 3292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/19 23:26:53.0640 3292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/19 23:26:53.0687 3292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/19 23:26:53.0703 3292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/19 23:26:53.0765 3292 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/19 23:26:53.0796 3292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/19 23:26:53.0828 3292 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/19 23:26:53.0843 3292 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/19 23:26:53.0906 3292 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/19 23:26:53.0937 3292 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/03/19 23:26:54.0078 3292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/19 23:26:54.0109 3292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/19 23:26:54.0140 3292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/19 23:26:54.0234 3292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/19 23:26:54.0265 3292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/19 23:26:54.0281 3292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/19 23:26:54.0312 3292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/19 23:26:54.0343 3292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/19 23:26:54.0390 3292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/19 23:26:54.0437 3292 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/19 23:26:54.0500 3292 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/19 23:26:54.0562 3292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/19 23:26:54.0609 3292 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/19 23:26:54.0656 3292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/19 23:26:54.0734 3292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/19 23:26:54.0796 3292 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/19 23:26:54.0796 3292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/19 23:26:54.0796 3292 sptd - detected Locked file (1)
2011/03/19 23:26:54.0812 3292 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/19 23:26:54.0859 3292 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/19 23:26:54.0937 3292 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/19 23:26:54.0984 3292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/19 23:26:55.0031 3292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/19 23:26:55.0156 3292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/19 23:26:55.0203 3292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/19 23:26:55.0250 3292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/19 23:26:55.0281 3292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/19 23:26:55.0328 3292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/19 23:26:55.0406 3292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/19 23:26:55.0453 3292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/19 23:26:55.0531 3292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/19 23:26:55.0578 3292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/19 23:26:55.0609 3292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/19 23:26:55.0640 3292 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/19 23:26:55.0703 3292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/19 23:26:55.0750 3292 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/19 23:26:55.0781 3292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/19 23:26:55.0812 3292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/19 23:26:55.0843 3292 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/19 23:26:55.0890 3292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/19 23:26:55.0968 3292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/19 23:26:56.0015 3292 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/19 23:26:56.0078 3292 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/19 23:26:56.0140 3292 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/19 23:26:56.0187 3292 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/19 23:26:56.0218 3292 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/19 23:26:56.0453 3292 ================================================================================
2011/03/19 23:26:56.0453 3292 Scan finished
2011/03/19 23:26:56.0453 3292 ================================================================================
2011/03/19 23:26:56.0453 3852 Detected object count: 1
2011/03/19 23:27:13.0156 3852 Locked file(sptd) - User select action: Skip
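TDSSKiller reports sptd.sys twice, as "Suspicious file (NoAccess)" and as "Locked file", and the GMER log posted later in this thread attributes five registry-related SSDT hooks to spnm.sys while listing ten more hooks only by address. That combination is the well-known footprint of the SPTD driver (sptd.sys) that CD-emulation software such as Alcohol 120%, present in the Run key of the ComboFix log, installs: it loads under a randomized sp??.sys name and its file cannot be read while the driver is active, which is exactly what TDSSKiller's NoAccess means. It is not proof of infection, but a reviewer still wants the scanner's lines joined into one record per driver and the unattributed hooks clustered. The Python below is an added example, not code from Kaspersky, GMER or the posters; it parses the relevant TDSSKiller line types and GMER SSDT rows copied from this thread, and clustering address-only hook targets by their upper 16 address bits is this script's own heuristic.

```python
"""Triage helpers for the TDSSKiller log quoted above and for the 'SSDT'
rows of the GMER log posted later in this thread.  Added example, not
code from Kaspersky, GMER or the posters; the sample lines below are
copied from the logs in this thread, and the grouping and clustering
rules are this script's own heuristics."""
import re
from collections import defaultdict

# Every TDSSKiller line starts with "YYYY/MM/DD hh:mm:ss.ffff <thread-id> ".
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
DRIVER_RE = re.compile(TS + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(TS + r"Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(TS + r"(?P<svc>\S+) - detected (?P<what>.+?) \(\d+\)$")
ACTION_RE = re.compile(TS + r"(?P<what>[A-Za-z ]+)\((?P<svc>[^)]+)\) - User select action: (?P<action>\S+)$")
# GMER SSDT row: the owner column is a module name when GMER could map the hook
# target to a loaded image (then "[0x...]" follows), otherwise a bare address.
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>\S+)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?$")


def parse_tdsskiller(lines):
    """Return (inventory, findings).  inventory maps service name -> (md5, path)
    for every driver TDSSKiller enumerated; findings maps service name -> dict
    joining the 'Suspicious file', 'detected ...' and 'User select action'
    lines, so one record says what was flagged, why, and what the user did."""
    inventory, findings = {}, {}
    for raw in lines:
        line = raw.strip()
        m = SUSP_RE.match(line)
        if m:
            # The suspicious-file line names the path, not the service: join on md5.
            svc = next((s for s, (md5, _) in inventory.items() if md5 == m["md5"]), m["path"])
            findings.setdefault(svc, {}).update(why=m["why"], md5=m["md5"], path=m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            findings.setdefault(m["svc"], {})["verdict"] = m["what"]
            continue
        m = ACTION_RE.match(line)
        if m:
            findings.setdefault(m["svc"], {})["action"] = m["action"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            inventory[m["svc"]] = (m["md5"], m["path"])
    return inventory, findings


def ssdt_hooks_by_owner(lines):
    """Group GMER SSDT rows by owning module as (function, target address).
    Rows GMER could only describe by address go under '<address only>'; those
    are the hooks that need manual follow-up, since no loaded image claims them."""
    by_owner = defaultdict(list)
    for raw in lines:
        m = SSDT_RE.match(raw.strip())
        if not m:
            continue
        if m["addr"]:
            by_owner[m["owner"]].append((m["func"], m["addr"]))
        elif re.fullmatch(r"[0-9A-Fa-f]{8}", m["owner"]):
            by_owner["<address only>"].append((m["func"], "0x" + m["owner"]))
        else:
            by_owner[m["owner"]].append((m["func"], ""))
    return dict(by_owner)


def unresolved_clusters(hooks, mask=0xFFFF0000):
    """Cluster address-only hook targets by their upper address bits (heuristic).
    Ten hooks that all land in one 64 KiB region are one hooking component,
    not ten separate ones, which is how a reviewer reads such a list."""
    clusters = defaultdict(list)
    for func, target in hooks.get("<address only>", []):
        clusters[f"0x{int(target, 16) & mask:08X}"].append(func)
    return dict(clusters)


# Constructed samples: the relevant lines copied from the logs in this thread.
TDSS_SAMPLE = r"""
2011/03/19 23:26:44.0390 3332 Initialize success
2011/03/19 23:26:48.0875 3292 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/19 23:26:54.0796 3292 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/19 23:26:54.0796 3292 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/19 23:26:54.0796 3292 sptd - detected Locked file (1)
2011/03/19 23:26:56.0453 3852 Detected object count: 1
2011/03/19 23:27:13.0156 3852 Locked file(sptd) - User select action: Skip
""".strip().splitlines()

GMER_SAMPLE = """
SSDT      A29F0286    ZwCreateKey
SSDT      A29F027C    ZwCreateThread
SSDT      A29F028B    ZwDeleteKey
SSDT      A29F0295    ZwDeleteValueKey
SSDT      spnm.sys    ZwEnumerateKey [0xF72CBDA4]
SSDT      spnm.sys    ZwEnumerateValueKey [0xF72CC132]
SSDT      A29F029A    ZwLoadKey
SSDT      spnm.sys    ZwOpenKey [0xF72B30C0]
SSDT      A29F0268    ZwOpenProcess
SSDT      A29F026D    ZwOpenThread
SSDT      spnm.sys    ZwQueryKey [0xF72CC20A]
SSDT      spnm.sys    ZwQueryValueKey [0xF72CC08A]
SSDT      A29F02A4    ZwReplaceKey
SSDT      A29F029F    ZwRestoreKey
SSDT      A29F0290    ZwSetValueKey
""".strip().splitlines()

if __name__ == "__main__":
    print(parse_tdsskiller(TDSS_SAMPLE)[1])
    hooks = ssdt_hooks_by_owner(GMER_SAMPLE)
    print({k: [f for f, _ in v] for k, v in hooks.items()})
    print(unresolved_clusters(hooks))
```

For this thread the joined TDSSKiller record is sptd / NoAccess / Locked file / Skip with the md5 to look up, and the GMER grouping shows spnm.sys on exactly the five registry enumeration and query routines while all ten address-only hooks fall into the single region 0xA29F0000, i.e. one further hooking component rather than ten. The address-only set is the one to identify next (the Ashampoo and Avira guards in the process list are the obvious candidates), because nothing on the page attributes those hooks to a module.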

cosinus 20.03.2011 12:42

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

Pjong 21.03.2011 19:18

Hi,

here is GMER:
GMER Logfile:
Code:

GMER 1.0.15.15565 - hxxp://www.gmer.net
Rootkit scan 2011-03-21 19:14:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: heeelikb.exe; Driver: C:\DOKUME~1\ME\LOKALE~1\Temp\pgryrkob.sys


---- System - GMER 1.0.15 ----

SSDT      A29F0286                                                                                                              ZwCreateKey
SSDT      A29F027C                                                                                                              ZwCreateThread
SSDT      A29F028B                                                                                                              ZwDeleteKey
SSDT      A29F0295                                                                                                              ZwDeleteValueKey
SSDT      spnm.sys                                                                                                              ZwEnumerateKey [0xF72CBDA4]
SSDT      spnm.sys                                                                                                              ZwEnumerateValueKey [0xF72CC132]
SSDT      A29F029A                                                                                                              ZwLoadKey
SSDT      spnm.sys                                                                                                              ZwOpenKey [0xF72B30C0]
SSDT      A29F0268                                                                                                              ZwOpenProcess
SSDT      A29F026D                                                                                                              ZwOpenThread
SSDT      spnm.sys                                                                                                              ZwQueryKey [0xF72CC20A]
SSDT      spnm.sys                                                                                                              ZwQueryValueKey [0xF72CC08A]
SSDT      A29F02A4                                                                                                              ZwReplaceKey
SSDT      A29F029F                                                                                                              ZwRestoreKey
SSDT      A29F0290                                                                                                              ZwSetValueKey

INT 0x73  ?                                                                                                                    84C46BF8
INT 0x84  ?                                                                                                                    84C46BF8
INT 0x94  ?                                                                                                                    84C46BF8
INT 0xA4  ?                                                                                                                    84C46BF8
INT 0xA4  ?                                                                                                                    84C46BF8
INT 0xA4  ?                                                                                                                    84C46BF8
INT 0xA4  ?                                                                                                                    84C46BF8
INT 0xA4  ?                                                                                                                    84C46BF8
INT 0xB4  ?                                                                                                                    8576DBF8

---- Kernel code sections - GMER 1.0.15 ----

?        spnm.sys                                                                                                              The system cannot find the file specified. !
.text    USBPORT.SYS!DllUnload                                                                                                F55818AC 5 Bytes  JMP 84C461D8
.text    amuifdna.SYS                                                                                                          F40F2386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    amuifdna.SYS                                                                                                          F40F23AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    amuifdna.SYS                                                                                                          F40F23C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text    amuifdna.SYS                                                                                                          F40F23C9 1 Byte  [2E]
.text    amuifdna.SYS                                                                                                          F40F23C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text    ...                                                                                                                 
?        C:\WINDOWS\system32\Drivers\mchInjDrv.sys                                                                            The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text    C:\WINDOWS\system32\svchost.exe[164] kernel32.dll!LoadLibraryExW + C4                                                7C801BB9 4 Bytes  CALL 00F30001
.text    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[192] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 01130001
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 00F70001
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!CreateProcessW                                      7C802336 6 Bytes  JMP 5F0A0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!CreateProcessA                                      7C80236B 6 Bytes  JMP 5F040F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] kernel32.dll!WinExec                                            7C86250D 6 Bytes  JMP 5F0D0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyExW                                      77DA6AAF 6 Bytes  JMP 5F1F0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCloseKey                                        77DA6C27 6 Bytes  JMP 5F2E0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyExW                                    77DA776C 6 Bytes  JMP 5F2B0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyExA                                      77DA7852 6 Bytes  JMP 5F190F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyW                                        77DA7946 6 Bytes  JMP 5F1C0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegSetValueExW                                      77DAD767 6 Bytes  JMP 5F130F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyExA                                    77DAE9F4 6 Bytes  JMP 5F250F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegSetValueExA                                      77DAEAE7 6 Bytes  JMP 5F100F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegOpenKeyA                                        77DAEFC8 6 Bytes  JMP 5F160F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyW                                      77DCBA55 6 Bytes  JMP 5F280F5A
.text    C:\Programme\Avira\AntiVir Desktop\avshadow.exe[300] ADVAPI32.dll!RegCreateKeyA                                      77DCBCF3 6 Bytes  JMP 5F220F5A
.text    C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe[380] kernel32.dll!LoadLibraryExW + C4                      7C801BB9 4 Bytes  CALL 01280001
.text    C:\WINDOWS\system32\csrss.exe[520] KERNEL32.dll!LoadLibraryExW + C4                                                  7C801BB9 4 Bytes  CALL 01710001
.text    C:\WINDOWS\system32\winlogon.exe[544] kernel32.dll!LoadLibraryExW + C4                                                7C801BB9 4 Bytes  CALL 01330001
.text    C:\WINDOWS\system32\igfxsrvc.exe[572] kernel32.dll!LoadLibraryExW + C4                                                7C801BB9 4 Bytes  CALL 01470001
.text    C:\Programme\FRITZ!DSL\FwebProt.exe[608] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 01250001
.text    ...                                                                                                                 
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] kernel32.dll!CreateProcessW                                      7C802336 6 Bytes  JMP 5F0A0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] kernel32.dll!CreateProcessA                                      7C80236B 6 Bytes  JMP 5F040F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] kernel32.dll!WinExec                                            7C86250D 6 Bytes  JMP 5F0D0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyExW                                      77DA6AAF 6 Bytes  JMP 5F220F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCloseKey                                        77DA6C27 6 Bytes  JMP 5F310F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyExW                                    77DA776C 6 Bytes  JMP 5F2E0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyExA                                      77DA7852 6 Bytes  JMP 5F1C0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyW                                        77DA7946 6 Bytes  JMP 5F1F0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegSetValueExW                                      77DAD767 6 Bytes  JMP 5F160F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyExA                                    77DAE9F4 6 Bytes  JMP 5F280F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegSetValueExA                                      77DAEAE7 6 Bytes  JMP 5F130F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegOpenKeyA                                        77DAEFC8 6 Bytes  JMP 5F190F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyW                                      77DCBA55 6 Bytes  JMP 5F2B0F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] ADVAPI32.dll!RegCreateKeyA                                      77DCBCF3 6 Bytes  JMP 5F250F5A
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] WS2_32.dll!WSCInstallProvider                                    71A21665 3 Bytes  [FF, 25, 1E]
.text    C:\Programme\Avira\AntiVir Desktop\avguard.exe[1716] WS2_32.dll!WSCInstallProvider + 4                                71A21669 2 Bytes  [11, 5F]
.text    C:\Programme\FRITZ!DSL\IGDCTRL.EXE[1744] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 026D0001
.text    C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1796] kernel32.dll!LoadLibraryExW + C4                  7C801BB9 4 Bytes  CALL 01300001
.text    C:\Programme\Java\jre6\bin\jqs.exe[1812] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 01090001
.text    C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1876] kernel32.dll!LoadLibraryExW + C4                  7C801BB9 4 Bytes  CALL 00EE0001
.text    C:\WINDOWS\RTHDCPL.EXE[1936] kernel32.dll!LoadLibraryExW + C4                                                        7C801BB9 4 Bytes  CALL 021B0001
.text    ...                                                                                                                 
.text    C:\WINDOWS\System32\svchost.exe[2400] kernel32.dll!FreeLibrary + 15                                                  7C80AC93 4 Bytes  CALL 7170003D
.text    C:\DOKUME~1\ME\LOKALE~1\Temp\RtkBtMnt.exe[2480] kernel32.dll!LoadLibraryExW + C4                                  7C801BB9 4 Bytes  CALL 00C40001
.text    C:\DOKUME~1\ME\LOKALE~1\Temp\RtkBtMnt.exe[2480] kernel32.dll!FreeLibrary + 15                                      7C80AC93 4 Bytes  CALL 7170003D
.text    C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!LoadLibraryExW + C4                                                    7C801BB9 4 Bytes  CALL 00920001
.text    C:\WINDOWS\System32\alg.exe[2916] kernel32.dll!FreeLibrary + 15                                                      7C80AC93 4 Bytes  CALL 7170003D
.text    C:\WINDOWS\system32\wscntfy.exe[2924] kernel32.dll!FreeLibrary + 15                                                  7C80AC93 4 Bytes  CALL 7170003D
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] kernel32.dll!LoadLibraryExW + C4                                          7C801BB9 4 Bytes  CALL 00A20001
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[3096] kernel32.dll!FreeLibrary + 15                                            7C80AC93 4 Bytes  CALL 7170003D
.text    C:\Dokumente und Einstellungen\ME\Desktop\Scan\GMER\heeelikb.exe[3828] kernel32.dll!FreeLibrary + 15              7C80AC93 4 Bytes  CALL 7170003D

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [F72C3B90] spnm.sys
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfAcquireSpinLock]                                                  CCCCCCC3
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!READ_PORT_UCHAR]                                                    CCCCCCCC
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KeGetCurrentIrql]                                                  CCCCCCCC
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfRaiseIrql]                                                        CCCCCCCC
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfLowerIrql]                                                        8BEC8B55
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!HalGetInterruptVector]                                              00C73445
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!HalTranslateBusAddress]                                            00000000
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KeStallExecutionProcessor]                                          830C458B
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!KfReleaseSpinLock]                                                  C0840CEC
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                            053C0D74
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!READ_PORT_USHORT]                                                  57B80974
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          8B000000
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  56C35DE5
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[WMILIB.SYS!WmiSystemControl]                                                8D51FC4D
IAT      \SystemRoot\System32\Drivers\amuifdna.SYS[WMILIB.SYS!WmiCompleteRequest]                                              8D52FD55

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                8576C1F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                      84B451F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                      84B451F8
Device    \Driver\usbehci \Device\USBPDO-2                                                                                      84C371F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                      84B451F8
Device    \Driver\PCI_PNP8692 \Device\00000047                                                                                  spnm.sys
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                      84B451F8
Device    \Driver\usbehci \Device\USBPDO-5                                                                                      84C371F8
Device    \Driver\usbuhci \Device\USBPDO-6                                                                                      84B451F8
Device    \Driver\sptd \Device\1610794942                                                                                      spnm.sys
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                                857DA1F8
Device    \Driver\usbuhci \Device\USBPDO-7                                                                                      84B451F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                                857DA1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                          84A483F8
Device    \Driver\iaStor \Device\Ide\iaStor0                                                                                    [F71945A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        [F71945A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                        [F71945A0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                          84A483F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              84AAD2C8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                      84AAD2C8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{2CD74D68-50CC-4322-B7A0-6E732CB5032C}                                              84AAD2C8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                      84B451F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                      84B451F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    84BB61F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                      84B451F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          84BB61F8
Device    \Driver\usbehci \Device\USBFDO-3                                                                                      84C371F8
Device    \Driver\usbuhci \Device\USBFDO-4                                                                                      84B451F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                      857DA1F8
Device    \Driver\usbuhci \Device\USBFDO-5                                                                                      84B451F8
Device    \Driver\usbuhci \Device\USBFDO-6                                                                                      84B451F8
Device    \Driver\usbehci \Device\USBFDO-7                                                                                      84C371F8
Device    \Driver\amuifdna \Device\Scsi\amuifdna1                                                                              84A431F8
Device    \Driver\amuifdna \Device\Scsi\amuifdna1Port1Path0Target0Lun0                                                          84A431F8
Device    \FileSystem\Cdfs \Cdfs                                                                                                84A09500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                  C:\Programme\Alcohol Soft\Alcohol 120\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xC2 0xAA 0xFE 0x7A ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                      0xA6 0xD4 0x75 0x15 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x69 0x57 0x15 0x7D ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xC2 0xAA 0xFE 0x7A ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0xA6 0xD4 0x75 0x15 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x69 0x57 0x15 0x7D ...
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                    15
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                      10000
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                    yes
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                   
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                    90
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                      10000
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs                                  1

---- EOF - GMER 1.0.15 ----

--- --- ---
Best regards

Pjong 21.03.2011 19:28

OSAM:

OSAM Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:26:35 on 21.03.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Epson Printer Software Downloader.job" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPAPDL\E_SAPDL2.EXE
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"02615" (02615) - ? - C:\WINDOWS\System32\drivers\02615.SYS  (File not found)
"4c416" (4c416) - ? - C:\WINDOWS\system32\drivers\4c416.SYS  (File not found)
"afe17" (afe17) - ? - C:\WINDOWS\system32\drivers\afe17.SYS  (File not found)
"amuifdna" (amuifdna) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\amuifdna.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ME\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"d99A" (d99A) - ? - C:\WINDOWS\system32\d99A.sys  (File not found)
"DarkSpy" (DarkSpy) - ? - C:\WINDOWS\system32\DarkSpyKernel.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgryrkob" (pgryrkob) - ? - C:\DOKUME~1\ME\LOKALE~1\Temp\pgryrkob.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{86B567D0-313C-11D2-8985-0080ADA96E9B} "G Data Shredder" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\desktop.ini
"FRITZ!DSL Protect.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\FwebProt.exe  (Shortcut exists | File exists)
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"'Ashampoo AntiSpyWare 2 Guard'" - "Ashampoo GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
"IAAnotif" - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Ashampoo AntiSpyWare 2 Service" (AASW2_Service) - ? - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe  (File found, but it contains no detailed information)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Sarah NSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"SARAH LSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Pjong 21.03.2011 19:31

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF79A6000 \WINDOWS\system32\KDCOM.DLL
0xF78B6000 \WINDOWS\system32\BOOTVID.dll
0xF72B2000 spnm.sys
0xF79A8000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF729A000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF726B000 ACPI.sys
0xF725A000 pci.sys
0xF74A6000 isapnp.sys
0xF78BA000 compbatt.sys
0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF723C000 pcmcia.sys
0xF74B6000 MountMgr.sys
0xF721D000 ftdisk.sys
0xF7726000 PartMgr.sys
0xF78C2000 ACPIEC.sys
0xF7A6E000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF74C6000 VolSnap.sys
0xF714D000 iaStor.sys
0xF74D6000 disk.sys
0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF712D000 fltmgr.sys
0xF711B000 sr.sys
0xF7104000 KSecDD.sys
0xF70F1000 WudfPf.sys
0xF7064000 Ntfs.sys
0xF7037000 NDIS.sys
0xF701D000 Mup.sys
0xF55A1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF558D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78AE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5569000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF772E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5541000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF414C000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF6F9C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF5BA0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF777E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7786000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF5B90000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF5B80000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF5B70000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF4129000 \SystemRoot\system32\DRIVERS\ks.sys
0xF40F2000 \SystemRoot\System32\Drivers\amuifdna.SYS
0xF685A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF5B60000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A86000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7516000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6856000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF40DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7526000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7536000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7806000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF40CA000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7546000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xEF332000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xEDBB2000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6EEC000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF6EDC000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A3E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB818D000 \SystemRoot\system32\DRIVERS\update.sys
0xF38C3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6E95000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6E85000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A40000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA7259000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA7235000 \SystemRoot\system32\drivers\portcls.sys
0xF6E75000 \SystemRoot\system32\drivers\drmk.sys
0xA7215000 \SystemRoot\system32\drivers\IntcHdmi.sys
0xF7A36000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA2A89000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A38000 \SystemRoot\System32\Drivers\Beep.SYS
0xA2742000 \SystemRoot\System32\drivers\vga.sys
0xF7A3A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A3C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA273A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA2732000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA2D1D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA19D2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA1979000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA1951000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA2D19000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA192F000 \SystemRoot\System32\drivers\afd.sys
0xA2E2C000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA272A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA1904000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA1894000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2E1C000 \SystemRoot\System32\Drivers\Fips.SYS
0xA186E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA1848000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xA49BD000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xA2DEC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA233B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA2DDC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA2199000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA2337000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA1778000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA209D000 \SystemRoot\System32\drivers\Dxapi.sys
0xA2191000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AFC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF25B000 \SystemRoot\System32\igxpdx32.DLL
0xF5BF0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA1763000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA2091000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA166E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA14F7000 \SystemRoot\system32\DRIVERS\srv.sys
0xA14E2000 \SystemRoot\system32\drivers\wdmaud.sys
0xF39DD000 \SystemRoot\system32\drivers\sysaudio.sys
0xA28A4000 \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
0xA0D49000 \SystemRoot\System32\Drivers\HTTP.sys
0xA08FC000 \??\C:\DOKUME~1\ME\LOKALE~1\Temp\pgryrkob.sys
0xA08D1000 \SystemRoot\system32\drivers\kmixer.sys
0xA0750000 \SystemRoot\system32\DRIVERS\athw.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\Alcohol Soft\Alcohol 120\Alcoholx.dll

Processes (total 46):
0 System Idle Process
4 System
464 C:\WINDOWS\system32\smss.exe
520 C:\WINDOWS\system32\csrss.exe
544 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\svchost.exe
1004 C:\WINDOWS\system32\svchost.exe
1044 C:\WINDOWS\system32\svchost.exe
1092 C:\WINDOWS\system32\svchost.exe
1296 C:\WINDOWS\system32\svchost.exe
1336 C:\WINDOWS\system32\svchost.exe
1408 C:\WINDOWS\explorer.exe
1480 C:\WINDOWS\system32\spoolsv.exe
1560 C:\Programme\Avira\AntiVir Desktop\sched.exe
1600 C:\WINDOWS\system32\svchost.exe
1664 C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
1716 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1744 C:\Programme\FRITZ!DSL\IGDCTRL.EXE
1796 C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1812 C:\Programme\Java\jre6\bin\jqs.exe
1876 C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1936 C:\WINDOWS\RTHDCPL.EXE
1988 C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1996 C:\WINDOWS\system32\igfxtray.exe
2004 C:\WINDOWS\system32\hkcmd.exe
2012 C:\WINDOWS\system32\igfxpers.exe
164 C:\WINDOWS\system32\svchost.exe
192 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
272 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
300 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
380 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
572 C:\WINDOWS\system32\igfxsrvc.exe
608 C:\Programme\FRITZ!DSL\FwebProt.exe
672 C:\Programme\FRITZ!DSL\StCenter.exe
944 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
2480 C:\Dokumente und Einstellungen\ME\Lokale Einstellungen\temp\RtkBtMnt.exe
2916 C:\WINDOWS\system32\alg.exe
2924 C:\WINDOWS\system32\wscntfy.exe
3096 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2400 C:\WINDOWS\system32\svchost.exe
3776 C:\WINDOWS\system32\ctfmon.exe
3968 C:\Programme\Mozilla Firefox\firefox.exe
2108 C:\WINDOWS\system32\notepad.exe
3204 C:\Dokumente und Einstellungen\ME\Desktop\Scan\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`c3dcd400 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus 21.03.2011 19:37

Quote:

"02615" (02615) - ? - C:\WINDOWS\System32\drivers\02615.SYS (File not found)
"4c416" (4c416) - ? - C:\WINDOWS\system32\drivers\4c416.SYS (File not found)
"afe17" (afe17) - ? - C:\WINDOWS\system32\drivers\afe17.SYS (File not found)
"d99A" (d99A) - ? - C:\WINDOWS\system32\d99A.sys (File not found)
Please disable and delete these with OSAM (delete from storage).

Pjong 22.03.2011 19:57

Hi,

Like a dumb ox, I didn't save the deletion report :( . But I deleted the entries a second time. Scanned again afterwards. Here's the report:
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 19:52:18 on 22.03.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Epson Printer Software Downloader.job" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPAPDL\E_SAPDL2.EXE
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\WINDOWS\system32\AxSWindC.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"at7b24t6" (at7b24t6) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\at7b24t6.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ME\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DarkSpy" (DarkSpy) - ? - C:\WINDOWS\system32\DarkSpyKernel.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{86B567D0-313C-11D2-8985-0080ADA96E9B} "G Data Shredder" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\ME\Startmenü\Programme\Autostart\desktop.ini
"FRITZ!DSL Protect.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\FwebProt.exe  (Shortcut exists | File exists)
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Programme\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"'Ashampoo AntiSpyWare 2 Guard'" - "Ashampoo GmbH & Co. KG" - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
"IAAnotif" - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Ashampoo AntiSpyWare 2 Service" (AASW2_Service) - ? - C:\Programme\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe  (File found, but it contains no detailed information)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"Sarah NSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"SARAH LSP" - "AVM Berlin" - C:\Programme\FRITZ!DSL\sarah.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

cosinus 22.03.2011 20:21

Looks ok. To double-check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Pjong 24.03.2011 19:57

Hi,

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6158

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.03.2011 19:44:08
mbam-log-2011-03-24 (19-44-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 172764
Laufzeit: 21 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Pjong 24.03.2011 20:48

Here's the SuperAnti scan:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/24/2011 at 08:40 PM

Application Version : 4.50.1002

Core Rules Database Version : 6669
Trace Rules Database Version: 4481

Scan type : Complete Scan
Total Scan Time : 00:24:47

Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 5975
Registry threats detected : 0
File items scanned : 37712
File threats detected : 1

Adware.Tracking Cookie
counter.cam-content.com [ C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\P8ZL6CH2 ]

cosinus 24.03.2011 20:57

Looks ok, only cookies were found.
Any more problems or further detections in the meantime?

Pjong 27.03.2011 13:37

hi,

avira shows nothing. everything else is fine too.

what exactly was on the computer?

regards

cosinus 27.03.2011 21:02

We removed quite a bit of junk.

Then we're done! :abklatsch:

To finish, please check the updates, my guide is below.
For even more security, after the infection has been removed you should also change all your passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: guide Windows Update



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date, here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do this, close all programs (especially browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Pjong 30.03.2011 19:54

hi,

did everything, but stayed with adobe. did two more scans. posting them again:

malware:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6218

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.03.2011 20:01:46
mbam-log-2011-03-30 (20-01-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 178601
Laufzeit: 17 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

and superanti:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/30/2011 at 08:33 PM

Application Version : 4.50.1002

Core Rules Database Version : 6711
Trace Rules Database Version: 4523

Scan type : Complete Scan
Total Scan Time : 00:28:34

Memory items scanned : 508
Memory threats detected : 0
Registry items scanned : 5747
Registry threats detected : 0
File items scanned : 42932
File threats detected : 2

Adware.Tracking Cookie
counter.cam-content.com [ C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\P8ZL6CH2 ]
s0.2mdn.net [ C:\Dokumente und Einstellungen\ME\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\P8ZL6CH2 ]

would be nice if you could check again. thanks !!!

cosinus 30.03.2011 20:06

Looks ok, only cookies were found.
Any more problems or further detections in the meantime?

Quote:

did everything, but stayed with adobe.
No problem, use whichever you prefer. But make sure Adobe Reader gets regular updates, and better still, disable things like JavaScript in its settings!

Pjong 31.03.2011 17:11

THANKS!

but one more thing: what did I have on the computer?

many thanks!

cosinus 31.03.2011 17:50

Quite a bit of junk, among other things probably ZBot. If that means anything to you :pfeiff:

Pjong 03.04.2011 13:08

hi,
i figured it was the z thing.
the rest doesn't matter then.
thanks for your help!
hoping not to see you again soon ;)
can be closed!!!
THX!!!

