
Log Analysis and Evaluation: System Check malware removed, but still problems

09.02.2012, 20:04   #16
struppyx
 
Hello Arne,

first of all many thanks for your efforts and for working through all the logs. I think it's great how you all make your knowledge and your time available to us.

Here is the log:

Code:
ComboFix 12-02-08.01 - tmondelli 09.02.2012  19:29:55.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2039.1304 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\tmondelli.NB-001\Desktop\Tahoma.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\tmondelli.NB-001\Desktop\CFScript.txt
AV: G DATA AVK Client *Enabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-09 bis 2012-02-09  ))))))))))))))))))))))))))))))
.
.
2012-02-09 11:05 . 2012-01-05 19:19	6557240	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{8A2714AE-C847-4906-B4B7-A19421E474BA}\mpengine.dll
2012-02-07 15:48 . 2012-02-07 15:48	--------	d-----w-	c:\programme\ESET
2012-02-07 14:04 . 2012-02-07 14:04	--------	d-----w-	C:\ProcAlyzer Dumps
2012-02-06 12:55 . 2012-02-06 12:55	--------	d-----w-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software
2012-02-06 12:26 . 2012-02-06 12:26	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2012-02-06 12:24 . 2012-02-06 12:21	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-02-06 10:49 . 2012-02-06 10:49	388096	----a-r-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 10:49 . 2012-02-06 10:49	--------	d-----w-	c:\programme\Trend Micro
2012-02-04 17:25 . 2012-02-04 17:25	--------	d-----w-	c:\programme\SmartTools
2012-02-03 13:41 . 2012-02-03 13:41	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-03 13:31 . 2012-01-05 19:19	6557240	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 13:14 . 2011-06-21 10:24	32768	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-03 13:03 . 2012-02-03 15:14	--------	d-----w-	c:\programme\Spyware Terminator
2012-02-03 12:41 . 2012-02-03 12:41	--------	d-----w-	c:\windows\Logs
2012-02-03 12:37 . 2012-02-03 12:37	--------	d-----w-	c:\dokumente und einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\PackageAware
2012-02-03 11:53 . 1998-06-23 23:00	407104	----a-w-	c:\windows\system32\MSHFLXGD.OCX
2012-02-03 11:19 . 2002-06-02 15:29	73216	----a-w-	c:\windows\system32\SYNSOACC.dll
2012-02-03 11:19 . 2002-02-13 12:23	598016	----a-w-	c:\windows\system32\SYNSOPOS.exe
2012-02-03 11:19 . 2001-04-09 19:03	17784	----a-w-	c:\windows\system32\drivers\NSynas32.sys
2012-02-03 11:05 . 2012-02-03 13:33	--------	d-----w-	C:\ArCon
2012-02-03 10:20 . 2012-02-03 10:20	--------	d-----w-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2012-02-03 10:19	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-03 10:19 . 2012-02-03 10:19	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-02-03 07:09 . 2012-02-09 10:33	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-03 07:06 . 2009-01-25 12:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2012-02-03 07:06 . 2012-02-03 11:50	--------	d-----w-	c:\programme\Spybot - Search & Destroy 2
2012-02-03 05:30 . 2012-02-03 05:30	--------	d-----w-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\IObit
2012-02-03 05:30 . 2012-02-03 05:30	--------	d-----w-	c:\programme\IObit
2012-02-02 20:50 . 2012-02-02 20:50	8192	--sha-w-	c:\windows\o2cLicStore.bin
2012-02-02 20:49 . 2012-02-02 20:49	1115704	----a-w-	c:\windows\system32\O2CPlayer.OCX
2012-02-02 20:48 . 2012-02-02 20:48	--------	d-----w-	c:\programme\directx
2012-02-02 20:43 . 2012-02-02 20:43	--------	d-----w-	c:\windows\mbgruppe
2012-02-02 20:43 . 1995-09-24 11:02	243472	------w-	c:\windows\system32\vbar2232.dll
2012-02-02 20:43 . 1996-01-12 00:00	722192	------w-	c:\windows\system32\VB40032.DLL
2012-02-02 20:43 . 1995-09-20 16:16	23824	------w-	c:\windows\system32\msjter32.dll
2012-02-02 20:43 . 1995-09-20 16:13	977680	------w-	c:\windows\system32\msjt3032.dll
2012-02-02 20:43 . 1995-09-20 16:16	35088	------w-	c:\windows\system32\msjint32.dll
2012-02-02 20:43 . 1996-12-02 18:44	582144	------w-	c:\windows\system32\dao350.dll
2012-02-02 20:42 . 2012-02-03 12:33	--------	d-----w-	C:\3DBauGarten
2012-02-02 18:28 . 2012-02-02 18:28	--------	d-----w-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\InstallShield
2012-02-02 13:25 . 2012-02-02 13:25	--------	d-----w-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\ElevatedDiagnostics
2012-02-02 12:46 . 2012-01-26 23:21	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-02 12:43 . 2012-02-02 12:45	--------	d-----w-	c:\programme\Microsoft Security Client
2012-02-01 23:02 . 2012-02-01 23:02	--------	d--h--w-	c:\windows\msdownld.tmp
2012-02-01 22:57 . 2012-02-01 22:59	--------	dc-h--w-	c:\windows\ie8
2012-02-01 13:32 . 2012-02-01 13:32	97961	----a-w-	c:\windows\system32\drivers\klick.dat
2012-02-01 13:32 . 2012-02-01 13:32	115369	----a-w-	c:\windows\system32\drivers\klin.dat
2012-02-01 13:29 . 2012-02-09 18:45	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2012-02-01 13:29 . 2012-02-01 13:29	--------	d-----w-	c:\programme\Kaspersky Lab
2012-02-01 13:23 . 2012-02-01 13:24	--------	d-----w-	C:\kleaner.tmp
2012-02-01 09:31 . 2012-02-01 09:31	--------	d-----r-	c:\dokumente und einstellungen\NetworkService\Favoriten
2012-02-01 08:48 . 2012-02-01 08:48	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-01-28 10:40 . 2012-01-28 10:40	--------	d-----w-	c:\programme\Lame For Audacity
2012-01-23 19:51 . 2012-01-23 19:51	--------	d-----w-	c:\programme\iPod
2012-01-17 15:01 . 2012-01-28 17:04	--------	d-----w-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-06 12:21 . 2011-02-28 16:44	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-05 12:31 . 2011-06-06 13:21	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 18:57 . 2011-11-29 18:57	29184	----a-r-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{106F886B-A874-43DF-BCC4-01DB57E1F3C6}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe
2011-11-25 21:57 . 2004-08-04 10:00	293888	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 10:00	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 10:00	61952	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00	152064	----a-w-	c:\windows\system32\schannel.dll
2012-02-02 23:04 . 2011-04-30 19:32	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\NSynas32.sys ---
Company: Syncrosoft Hard- und Software GmbH
File Description: Internet Protection Hardware Driver
File Version: 1.108
Product Name: Internet Protection Hardware Driver
Copyright: © Syncrosoft Hard- und Software GmbH 1999
Original Filename: NSynas32.sys
File size: 17784
Created time: 2012-02-03 11:19
Modified time: 2001-04-09 19:03
MD5: 4B4A21E158C039EE0888741BFE1D24E0
SHA1: C58404C9C59D851C1239AFF58F45A70F952E8ABE
.
---- Directory of c:\windows\mbgruppe ----
.
2012-02-02 20:43 . 2002-05-02 16:36	126976	----a-w-	c:\windows\mbgruppe\mbUtil.dll
2012-02-02 20:43 . 2002-04-05 12:33	45056	----a-w-	c:\windows\mbgruppe\mbHLink.ocx
2012-02-02 20:43 . 2001-12-18 15:58	319488	----a-w-	c:\windows\mbgruppe\mbdbjet.dll
2012-02-02 20:43 . 2000-10-31 11:11	90112	----a-w-	c:\windows\mbgruppe\mbctrl.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59	269824	----a-w-	c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2009-06-08 1160192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\programme\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"EPSON SX100 Series (Kopie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45	63712	----a-w-	c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-01-25 08:48	380416	----a-w-	c:\programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Programme\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Programme\\Synology Data Replicator  3\\Backup.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Programme\\Synology Download Redirector\\Redirector.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.03.2009 18:42 715248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\programme\Spybot - Search & Destroy 2\SDHookDrv32.sys [03.02.2012 08:06 38504]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [03.02.2012 11:19 652360]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\programme\Spybot - Search & Destroy 2\SDHookSvc.exe [03.02.2012 08:06 130976]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe [22.11.2011 09:59 18432]
R2 SynoDrService;SynoDrService;c:\programme\Synology Data Replicator  3\SynoDrService.exe [12.01.2010 03:45 245760]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.02.2012 11:19 20464]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S2 gupdate1c9cc19a2b7bc2e;Google Update Service (gupdate1c9cc19a2b7bc2e);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 crmsrv;INTERMEDIATE enomic Intern Server;"c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe [?]
S3 enomicsrv;Intermediate ENOMIC Server;"c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [03.02.2012 08:06 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [03.02.2012 08:06 955816]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32	8192	----a-w-	c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-03 14:46]
.
2012-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 13:26]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2012-02-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-03 14:46]
.
2012-02-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2012-02-03 14:46]
.
2012-02-08 c:\windows\Tasks\Synology Data Replicator 3-NB-001-tmondelli.job
- c:\programme\Synology Data Replicator  3\Backup.exe [2010-09-15 09:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mondelli.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\
FF - prefs.js: browser.startup.homepage - www.mondelli.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-09 19:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1492)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\MPRUI.dll
c:\windows\system32\netmsg.dll
.
- - - - - - - > 'lsass.exe'(1548)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Hewlett-Packard\Shared\HpqToaster.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-09  19:50:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-09 18:50
ComboFix2.txt  2012-02-09 11:02
ComboFix3.txt  2012-02-08 16:53
.
Vor Suchlauf: 8.933.801.984 Bytes frei
Nach Suchlauf: 8.903.917.568 Bytes frei
.
- - End Of File - - B834760F299D2D6188B9202AC8B01AA1
         
ComboFix ran through without problems so far. However, at the start ComboFix complained that the G-Data AV client was still active. Unfortunately I couldn't find anything to close it with, since all the files in the G-Data directory were deleted by the virus. I have no idea which process is still running in the background there. I hope this isn't a bad sign.

Regards, Thomas

09.02.2012, 21:46   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Tell me, is this by any chance an office computer, or one used mainly for business in some other way?

09.02.2012, 22:32   #18
struppyx
 
That used to be my home-office computer, but now I use it mostly just privately.

10.02.2012, 12:12   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
Are Kaspersky IS and MSE really both installed at the same time??
If so, that doesn't work; you should never run two virus scanners of this kind at the same time. Uninstall one immediately!
__________________
Please always post logfiles in CODE tags

10.02.2012, 14:37   #20
struppyx
 
All right, I'll disable one again. From my point of view both work equally well; since Kaspersky is only a trial version anyway, I'll continue with MSE, or do you as the expert have a different recommendation?

What still makes me uneasy is the matter of the no-longer-present G-Data client that ComboFix noticed. Does something still need to be done there, or can that be ignored?

Regards, Thomas


10.02.2012, 16:08   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
No, don't disable it, uninstall it!

10.02.2012, 17:28   #22
struppyx
 
So, Kaspersky is uninstalled. Can I do anything else?

Regards, Thomas

10.02.2012, 19:02   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    From Windows Vista (or higher), please start it with a right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press one of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


10.02.2012, 22:01   #24
struppyx
 
Hello Arne,

here is the OSAM log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 10.02.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Synology Data Replicator 3-NB-001-tmondelli.job" - ? - C:\Programme\Synology Data Replicator  3\Backup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys  (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsla4b0dc35" (MpKsla4b0dc35) - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x86\Sandra.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Spybot-S&D 2 Hook Driver" (SDHookDriver) - ? - C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys  (File found, but it contains no detailed information)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys  (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} "StumbleUpon" - "StumbleUpon Inc." - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Spybot-S&D Cleaning" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - C:\WINDOWS\System32\BCMLogon.dll
"IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9cc19a2b7bc2e)" (gupdate1c9cc19a2b7bc2e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"INTERMEDIATE enomic Intern Server" (crmsrv) - ? - "C:\Programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Spybot S&D 2 Live Protection Service" (SDHookService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe  (File found, but it contains no detailed information)
"SynoDrService" (SynoDrService) - ? - C:\Programme\Synology Data Replicator  3\SynoDrService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
And the aswMBR.txt:
Code:
ATTFilter
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 21:19:13
-----------------------------
21:19:13.734    OS Version: Windows 5.1.2600 Service Pack 3
21:19:13.734    Number of processors: 2 586 0xF06
21:19:13.734    ComputerName: NB-001  UserName: 
21:19:14.109    Initialize success
21:19:18.484    AVAST engine defs: 12021000
21:19:22.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:19:22.312    Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3
21:19:22.468    Disk 0 MBR read successfully
21:19:22.468    Disk 0 MBR scan
21:19:22.500    Disk 0 Windows XP default MBR code
21:19:22.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        50011 MB offset 63
21:19:22.546    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        64459 MB offset 102422880
21:19:22.640    Disk 0 scanning sectors +234435600
21:19:22.859    Disk 0 scanning C:\WINDOWS\system32\drivers
21:19:57.281    Service scanning
21:19:57.609    Service MpKsla4b0dc35 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys **LOCKED** 32
21:19:57.656    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:19:58.187    Modules scanning
21:21:06.265    Disk 0 trace - called modules:
21:21:06.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwf.sys >>UNKNOWN [0x8a636944]<<
21:21:06.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5889c0]
21:21:06.328    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a58aa28]
21:21:06.328    5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a589030]
21:21:06.703    AVAST engine scan C:\WINDOWS
21:21:38.187    AVAST engine scan C:\WINDOWS\system32
21:33:45.000    AVAST engine scan C:\WINDOWS\system32\drivers
21:34:46.140    AVAST engine scan C:\Dokumente und Einstellungen\tmondelli.NB-001
21:42:33.421    AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:44:12.218    Scan finished successfully
21:51:55.406    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\MBR.dat"
21:51:55.421    The log file has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\aswMBR.txt"
         
Regards, Thomas

10.02.2012, 22:18   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

System Check malware removed, but still problems

GMER is missing. Why don't you put everything as CODE here in the post? Was one of the logs too big?
__________________
Please always post logfiles in CODE tags

10.02.2012, 22:42   #26
struppyx

System Check malware removed, but still problems

GMER is still running; as soon as it is done I will post everything together for you again.

10.02.2012, 22:57   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

System Check malware removed, but still problems

That's fine, take your time!
__________________
Please always post logfiles in CODE tags

11.02.2012, 07:59   #28
struppyx

System Check malware removed, but still problems

Good morning Arne,

I now have all the logs together:

GMER:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-11 07:52:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912082 rev.7.24
Running: 47crshwe.exe; Driver: C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys


---- System - GMER 1.0.15 ----

SSDT      spec.sys                                                                                                                                      ZwCreateKey [0xB9EAB0E0]
SSDT      spec.sys                                                                                                                                      ZwEnumerateKey [0xB9EC8CA2]
SSDT      spec.sys                                                                                                                                      ZwEnumerateValueKey [0xB9EC9030]
SSDT      spec.sys                                                                                                                                      ZwOpenKey [0xB9EAB0C0]
SSDT      spec.sys                                                                                                                                      ZwQueryKey [0xB9EC9108]
SSDT      spec.sys                                                                                                                                      ZwQueryValueKey [0xB9EC8F88]
SSDT      spec.sys                                                                                                                                      ZwSetValueKey [0xB9EC919A]

INT 0x62  ?                                                                                                                                             8A685BF8
INT 0x73  ?                                                                                                                                             8A615BF8
INT 0x73  ?                                                                                                                                             8A684BF8
INT 0x73  ?                                                                                                                                             8A615BF8
INT 0xA4  ?                                                                                                                                             8A684BF8

---- Kernel code sections - GMER 1.0.15 ----

?         spec.sys                                                                                                                                      Das System kann die angegebene Datei nicht finden. !
.text     USBPORT.SYS!DllUnload                                                                                                                         B83B28AC 5 Bytes  JMP 8A6841D8 

---- User code sections - GMER 1.0.15 ----

.text     C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!LoadLibraryExW + C4                                                        7C801BB9 4 Bytes  CALL 008E0001 
.text     C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!CreateProcessW                                                             7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!CreateProcessA                                                             7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!LoadLibraryExW + C4                                         7C801BB9 4 Bytes  CALL 00BA0001 
.text     C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!CreateProcessW                                              7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!CreateProcessA                                              7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!LoadLibraryExW + C4                                                                      7C801BB9 4 Bytes  CALL 00F10001 
.text     C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!CreateProcessW                                                                           7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!CreateProcessA                                                                           7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!LoadLibraryExW + C4                                                             7C801BB9 4 Bytes  CALL 00FA0001 
.text     C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!CreateProcessW                                                                  7C802336 6 Bytes  JMP 71A60F5A 
.text     C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!CreateProcessA                                                                  7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 00CB0001 
.text     C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!CreateProcessW                                     7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!CreateProcessA                                     7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\Explorer.EXE[580] kernel32.dll!LoadLibraryExW + C4                                                                                 7C801BB9 4 Bytes  CALL 00F00001 
.text     C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessW                                                                                      7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessA                                                                                      7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 00AF0001 
.text     C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!CreateProcessW                                                 7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!CreateProcessA                                                 7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!LoadLibraryExW + C4                                                 7C801BB9 4 Bytes  CALL 01310001 
.text     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 71A60F5A 
.text     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!LoadLibraryExW + C4                                             7C801BB9 4 Bytes  CALL 00DE0001 
.text     C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!CreateProcessW                                                  7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!CreateProcessA                                                  7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryExW + C4                                                                         7C801BB9 4 Bytes  CALL 00F50001 
.text     C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessW                                                                              7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessA                                                                              7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 01820001 
.text     C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A60F5A 
.text     C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 01490001 
.text     C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW + C4                                                                           7C801BB9 4 Bytes  CALL 01340001 
.text     C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW                                                                                7C802336 6 Bytes  JMP 71A60F5A 
.text     C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA                                                                                7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!LoadLibraryExW + C4                                                                   7C801BB9 4 Bytes  CALL 00BB0001 
.text     C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!CreateProcessW                                                                        7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!CreateProcessA                                                                        7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!LoadLibraryExW + C4               7C801BB9 4 Bytes  CALL 01FA0001 
.text     C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!CreateProcessW                    7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!CreateProcessA                    7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00E50001 
.text     C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 01010001 
.text     C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!LoadLibraryExW + C4                                                                       7C801BB9 4 Bytes  CALL 010F0001 
.text     C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!LoadLibraryExW + C4                                                                 7C801BB9 4 Bytes  CALL 00CF0001 
.text     C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!CreateProcessW                                                                      7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!CreateProcessA                                                                      7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!LoadLibraryExW + C4                                         7C801BB9 4 Bytes  CALL 052B0001 
.text     C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!CreateProcessW                                              7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!CreateProcessA                                              7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!LoadLibraryExW + C4                                             7C801BB9 4 Bytes  CALL 00F50001 
.text     C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!CreateProcessW                                                  7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!CreateProcessA                                                  7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 02650001 
.text     C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00D60001 
.text     C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!LoadLibraryExW + C4                                                           7C801BB9 4 Bytes  CALL 07400001 
.text     C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!CreateProcessW                                                                7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!CreateProcessA                                                                7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!LoadLibraryExW + C4                                                            7C801BB9 4 Bytes  CALL 010D0001 
.text     C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!CreateProcessW                                                                 7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!CreateProcessA                                                                 7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00BB0001 
.text     C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!LoadLibraryExW + C4                                                 7C801BB9 4 Bytes  CALL 00B00001 
.text     C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00DD0001 
.text     C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00DC0001 
.text     C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!LoadLibraryExW + C4                                                             7C801BB9 4 Bytes  CALL 0A6D0001 
.text     C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!CreateProcessW                                                                  7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!CreateProcessA                                                                  7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00D90001 
.text     C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!CreateProcessW                                                                             7C802336 6 Bytes  JMP 71A80F5A 
.text     C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!CreateProcessA                                                                             7C80236B 6 Bytes  JMP 71AE0F5A 
.text     C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!LoadLibraryExW + C4                                                          7C801BB9 4 Bytes  CALL 00E00001 
.text     C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!CreateProcessW                                                               7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!CreateProcessA                                                               7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!LoadLibraryExW + C4                                                            7C801BB9 4 Bytes  CALL 01540001 
.text     C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!CreateProcessW                                                                 7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!CreateProcessA                                                                 7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!LoadLibraryExW + C4  7C801BB9 4 Bytes  CALL 008D0001 
.text     C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!CreateProcessW       7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!CreateProcessA       7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Synology Data Replicator  3\SynoDrService.exe[2220] kernel32.dll!LoadLibraryExW + C4                                             7C801BB9 4 Bytes  CALL 00980001 
.text     C:\Programme\Synology Data Replicator  3\SynoDrService.exe[2220] kernel32.dll!CreateProcessW                                                  7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Synology Data Replicator  3\SynoDrService.exe[2220] kernel32.dll!CreateProcessA                                                  7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!LoadLibraryExW + C4                                                  7C801BB9 4 Bytes  CALL 00DA0001 
.text     C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!CreateProcessW                                                       7C802336 6 Bytes  JMP 71A50F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!CreateProcessA                                                       7C80236B 6 Bytes  JMP 71AD0F5A 
.text     E:\Temp\47crshwe.exe[2384] kernel32.dll!LoadLibraryExW + C4                                                                                   7C801BB9 4 Bytes  CALL 00C00001 
.text     E:\Temp\47crshwe.exe[2384] kernel32.dll!CreateProcessW                                                                                        7C802336 6 Bytes  JMP 71A90F5A 
.text     E:\Temp\47crshwe.exe[2384] kernel32.dll!CreateProcessA                                                                                        7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!LoadLibraryExW + C4                                                 7C801BB9 4 Bytes  CALL 011B0001 
.text     C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!LoadLibraryExW + C4                                                                       7C801BB9 4 Bytes  CALL 00B80001 
.text     C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!LoadLibraryExW + C4                                                           7C801BB9 4 Bytes  CALL 013C0001 
.text     C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!CreateProcessW                                                                7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!CreateProcessA                                                                7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 00980001 
.text     C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!CreateProcessW                                                                       7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!CreateProcessA                                                                       7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!LoadLibraryExW + C4                                                     7C801BB9 4 Bytes  CALL 00C00001 
.text     C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!CreateProcessW                                                          7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!CreateProcessA                                                          7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!LoadLibraryExW + C4                                                                       7C801BB9 4 Bytes  CALL 00C00001 
.text     C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 009D0001 
.text     C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!CreateProcessW                                                                       7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!CreateProcessA                                                                       7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!LoadLibraryExW + C4                                                                          7C801BB9 4 Bytes  CALL 00C00001 
.text     C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!CreateProcessW                                                                               7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!CreateProcessA                                                                               7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!LoadLibraryExW + C4                                                                       7C801BB9 4 Bytes  CALL 00B70001 
.text     C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!LoadLibraryExW + C4                                                                            7C801BB9 4 Bytes  CALL 00940001 
.text     C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!CreateProcessW                                                                                 7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!CreateProcessA                                                                                 7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 00A00001 
.text     C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!CreateProcessW                                                                       7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!CreateProcessA                                                                       7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!LoadLibraryExW + C4                                        7C801BB9 4 Bytes  CALL 00C60001 
.text     C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!CreateProcessW                                             7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!CreateProcessA                                             7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!LoadLibraryExW + C4                                                     7C801BB9 4 Bytes  CALL 00CD0001 
.text     C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessW                                                          7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessA                                                          7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!LoadLibraryExW + C4                                                    7C801BB9 4 Bytes  CALL 00FC0001 
.text     C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessW                                                         7C802336 6 Bytes  JMP 71A70F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessA                                                         7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!LoadLibraryExW + C4                                           7C801BB9 4 Bytes  CALL 00DC0001 
.text     C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessW                                                7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessA                                                7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!LoadLibraryExW + C4                                    7C801BB9 4 Bytes  CALL 00B30001 
.text     C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessW                                         7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessA                                         7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!LoadLibraryExW + C4                                                   7C801BB9 4 Bytes  CALL 00D40001 
.text     C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessW                                                        7C802336 6 Bytes  JMP 71A70F5A 
.text     C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessA                                                        7C80236B 6 Bytes  JMP 71AF0F5A 
.text     C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!LoadLibraryExW + C4                                 7C801BB9 4 Bytes  CALL 00B60001 
.text     C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessW                                      7C802336 6 Bytes  JMP 71A90F5A 
.text     C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessA                                      7C80236B 6 Bytes  JMP 71AF0F5A 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                            [B9EAC046] spec.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                    [B9EAC142] spec.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                           [B9EAC0C4] spec.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                   [B9EAC7CE] spec.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                           [B9EAC6A4] spec.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                            [B9EB7D7A] spec.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                      [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT       C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                             [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT       C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                           [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT       C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                 [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT       C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                      [011C2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT       C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]             [011C2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT       C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                           [011C2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT       C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                 [011C2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                                        8A6831F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                                              89B5B1F8
Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                     8A6161F8
Device    \Driver\dmio \Device\DmControl\DmConfig                                                                                                       8A6161F8
Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                                          8A6161F8
Device    \Driver\dmio \Device\DmControl\DmInfo                                                                                                         8A6161F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                                              89B5B1F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                                              89B5B1F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                                              89B5B1F8
Device    \Driver\usbehci \Device\USBPDO-4                                                                                                              89B2E1F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{D96C6CDB-062D-46B2-B66F-FA4B9ECC5E51}                                                                      897BC500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                        8A6861F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                        8A6861F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                                                  89B071F8
Device    \Driver\iastor \Device\Ide\iaStor0                                                                                                            [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                   [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                                            [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iastor \Device\Ide\IAAStorageDevice-0                                                                                                 [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                       897BC500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                                              897BC500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                                              89B5B1F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                                              89B5B1F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                             8983B500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                                              89B5B1F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                   8983B500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                                              89B5B1F8
Device    \Driver\usbehci \Device\USBFDO-4                                                                                                              89B2E1F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                                              8A6861F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{CEAE2D63-0D6E-426B-A352-BE5CF7D88C2A}                                                                      897BC500
Device    \FileSystem\Cdfs \Cdfs                                                                                                                        89A58500

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                            771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                            285507792
Reg       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                            0xC8 0x28 0x51 0xAF ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                            0x71 0x3B 0x04 0x66 ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                            0x25 0xDA 0xEC 0x7E ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                            0x86 0x8C 0x21 0x01 ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                            0xCD 0x44 0xCD 0xB9 ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                            0xDF 0x20 0x58 0x62 ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                            0x31 0x77 0xE1 0xBA ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                            0x83 0x6C 0x56 0x8B ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                            0x51 0xFA 0x6E 0x91 ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                            0xB1 0xCD 0x45 0x5A ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                            0xE3 0x0E 0x66 0xD5 ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                             
Reg       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                              Apartment
Reg       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg       HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                            0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File      C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[1].txt     40 bytes
File      C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[2].txt     40 bytes

---- EOF - GMER 1.0.15 ----
OSAM:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 10.02.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Synology Data Replicator 3-NB-001-tmondelli.job" - ? - C:\Programme\Synology Data Replicator  3\Backup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys  (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsla4b0dc35" (MpKsla4b0dc35) - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x86\Sandra.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Spybot-S&D 2 Hook Driver" (SDHookDriver) - ? - C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys  (File found, but it contains no detailed information)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys  (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} "StumbleUpon" - "StumbleUpon Inc." - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Spybot-S&D Cleaning" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - C:\WINDOWS\System32\BCMLogon.dll
"IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9cc19a2b7bc2e)" (gupdate1c9cc19a2b7bc2e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"INTERMEDIATE enomic Intern Server" (crmsrv) - ? - "C:\Programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Spybot S&D 2 Live Protection Service" (SDHookService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe  (File found, but it contains no detailed information)
"SynoDrService" (SynoDrService) - ? - C:\Programme\Synology Data Replicator  3\SynoDrService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 21:19:13
-----------------------------
21:19:13.734    OS Version: Windows 5.1.2600 Service Pack 3
21:19:13.734    Number of processors: 2 586 0xF06
21:19:13.734    ComputerName: NB-001  UserName: 
21:19:14.109    Initialize success
21:19:18.484    AVAST engine defs: 12021000
21:19:22.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:19:22.312    Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3
21:19:22.468    Disk 0 MBR read successfully
21:19:22.468    Disk 0 MBR scan
21:19:22.500    Disk 0 Windows XP default MBR code
21:19:22.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        50011 MB offset 63
21:19:22.546    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        64459 MB offset 102422880
21:19:22.640    Disk 0 scanning sectors +234435600
21:19:22.859    Disk 0 scanning C:\WINDOWS\system32\drivers
21:19:57.281    Service scanning
21:19:57.609    Service MpKsla4b0dc35 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys **LOCKED** 32
21:19:57.656    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:19:58.187    Modules scanning
21:21:06.265    Disk 0 trace - called modules:
21:21:06.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwf.sys >>UNKNOWN [0x8a636944]<<
21:21:06.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5889c0]
21:21:06.328    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a58aa28]
21:21:06.328    5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a589030]
21:21:06.703    AVAST engine scan C:\WINDOWS
21:21:38.187    AVAST engine scan C:\WINDOWS\system32
21:33:45.000    AVAST engine scan C:\WINDOWS\system32\drivers
21:34:46.140    AVAST engine scan C:\Dokumente und Einstellungen\tmondelli.NB-001
21:42:33.421    AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:44:12.218    Scan finished successfully
21:51:55.406    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\MBR.dat"
21:51:55.421    The log file has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\aswMBR.txt"
         
Looking forward to your assessment

Regards, Thomas

Old 12.02.2012, 13:13   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

System Check malware removed, but still problems

Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags

Old 13.02.2012, 22:52   #30
struppyx

System Check malware removed, but still problems

Hello Arne,

here are the logs of the two full scans.

Malwarebytes ran through without any findings:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tmondelli :: NB-001 [Administrator]

Schutz: Deaktiviert

13.02.2012 10:49:19
mbam-log-2012-02-13 (10-49-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524890
Laufzeit: 4 Stunde(n), 17 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         