
Pests of all kinds and their removal: Virtumonde / Malware Trace


18.08.2010, 18:44   #1
Falko1987
 
Virtumonde / Malware Trace



Hello helper team!
I have probably caught Virtumonde, and perhaps other viruses as well. A Spybot scan initially showed this (virus in the registry) after the PC had crashed. The computer is extremely sluggish and sometimes drops into a blue screen (only very briefly), then restarts, switches to a prompt and says something about starting from the boot disk.
Kaspersky also keeps telling me that its database is damaged; I assume there is a connection there too. Unfortunately I cannot update Malwarebytes to the latest version. I am asked to establish an Internet connection and check the firewall settings, but both are in place and working! So for now I had to use an older version (6/09). I have run CCleaner. Malwarebytes found Malware Trace in the registry but said nothing about Virtumonde. I am afraid simply deleting it will not be enough, though. I had a similar problem in 2008 and received quality help here; I hope you can help me this time as well.

Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 1945
Windows 6.0.6001 Service Pack 1

18.08.2010 18:52:02
mbam-log-2010-08-18 (18-52-02).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 250994
Laufzeit: 2 hour(s), 59 minute(s), 51 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Rsit
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by ** at 2010-08-18 18:56:45
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 69 GB (58%) free of 119 GB
Total RAM: 1917 MB (42% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{403451BA-B7D8-40A8-A20B-0F3F4AACB35B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\NEUEPR~1\Spybot\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll [2010-05-06 68184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll [2010-05-06 268888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"NDSTray.exe"=NDSTray.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"avgnt"=C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-14 185872]
"dcmsvc"=C:\Program Files\dcmsvc\dcmsvc.exe [2009-04-07 30440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2009-09-05 385024]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe [2010-05-06 361120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2008-07-04 430080]
"AnyDVD"=C:\Neue Programme\Any dvd\AnyDVD\AnyDVDtray.exe [2010-07-14 4430784]
"SpybotSD TeaTimer"=C:\Neue Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Magic-i Visual Effects.lnk - C:\Neue Programme\Hama Webcam\Magic-i Visual Effects\Magic-i Visual Effects.exe

C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2010-05-06 219736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-18 18:56:46 ----D---- C:\Program Files\trend micro
2010-08-18 18:56:45 ----D---- C:\rsit
2010-08-18 12:58:14 ----ASH---- C:\hiberfil.sys
2010-08-12 21:57:08 ----D---- C:\Users\**\AppData\Roaming\Red Kawa
2010-08-12 21:53:51 ----D---- C:\Program Files\Regensoft
2010-08-12 21:52:35 ----D---- C:\Program Files\AviSynth 2.5
2010-08-12 21:51:39 ----D---- C:\Program Files\Red Kawa
2010-08-01 21:48:32 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-08-18 18:56:46 ----RD---- C:\Program Files
2010-08-18 18:56:37 ----D---- C:\Windows\Temp
2010-08-18 15:42:36 ----D---- C:\ProgramData\Kaspersky Lab
2010-08-18 13:30:42 ----D---- C:\Windows\system32\catroot2
2010-08-18 13:18:57 ----D---- C:\Windows\system32\drivers
2010-08-18 13:13:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-18 13:13:44 ----D---- C:\Windows\Minidump
2010-08-18 13:13:44 ----D---- C:\Windows\Debug
2010-08-18 13:13:44 ----AD---- C:\Windows
2010-08-18 13:05:04 ----SHD---- C:\System Volume Information
2010-08-17 22:58:37 ----D---- C:\Windows\Prefetch
2010-08-14 21:31:12 ----AD---- C:\Windows\System32
2010-08-14 21:31:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-14 21:31:09 ----D---- C:\Windows\inf
2010-08-07 15:23:15 ----D---- C:\Users\**\AppData\Roaming\ICQ
2010-08-04 18:45:26 ----D---- C:\Users\**\AppData\Roaming\skypePM
2010-08-03 15:13:58 ----D---- C:\Users\**\AppData\Roaming\Skype
2010-08-01 21:49:19 ----SHD---- C:\Windows\Installer
2010-08-01 21:49:07 ----RD---- C:\Program Files\Skype
2010-08-01 21:48:46 ----D---- C:\Windows\system32\Tasks
2010-08-01 21:48:32 ----D---- C:\Program Files\Common Files
2010-08-01 21:48:26 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R0 klbg;Kaspersky Lab Boot Guard Driver; C:\Windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-23 43872]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-08-06 611064]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 285184]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 avgio;avgio; \??\C:\Program Files\Antivir\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Neue Programme\Ultraiso\UltraISO\drivers\ISODrive.sys [2009-02-10 82320]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-06-01 311312]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 enodpl;enodpl; C:\Windows\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 ALSysIO;ALSysIO; \??\C:\Users\**\AppData\Local\Temp\ALSysIO.sys []
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-06-09 106432]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
S3 aj6g72s5;aj6g72s5; C:\Windows\system32\drivers\aj6g72s5.sys []
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 lgmcbus;LGE Mobile driver (WDM); C:\Windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter; C:\Windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver; C:\Windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS); C:\Windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM); C:\Windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Antivir\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Antivir\Avira\AntiVir Desktop\avguard.exe [2010-04-20 267432]
R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
R2 AVP;Kaspersky Security Suite CBE 10; C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe [2010-05-06 361120]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NMSAccessU;NMSAccessU; C:\Neue Programme\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 SBSDWSCService;SBSD Security Center Service; C:\Neue Programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2008-01-17 431456]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-22 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-11-01 361728]

-----------------EOF-----------------
         
Rsit2
Code:
info.txt logfile of random's system information tool 1.08 2010-08-18 18:56:57

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->C:\Neue Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x7 
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Alice Software 4.10.0-->C:\Neue Programme\Alice\Alice Software\AliceUninstall.exe
AnyDVD-->"C:\Neue Programme\Any dvd\AnyDVD\AnyDVD-uninst.exe" /D="C:\Neue Programme\Any dvd\AnyDVD"
Aufstieg des Hexenkönigs™-->E:\Schlacht um Mittelerde 2- Aufstieg des Hexenkönigs\EAUninstall.exe
Auto Desktop Background Changer 1.0.5-->"C:\Neue Programme\Hintergrundwechsler\Auto Desktop Background Changer\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Antivir\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Baphomets Fluch Trilogie-->"C:\Program Files\Uninstall\Baphomets Fluch Trilogie\uninstall.exe" "/U:E:\Baphomets Fluch Triologie\Uninstall\uninstall.xml"
Broken Sword 2.5-->"E:\Broken Sword 2.5\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Neue Programme\CCcleaner\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly
CDBurnerXP-->"C:\Neue Programme\CDBurnerXP\unins000.exe"
CloneDVD2-->"C:\Neue Programme\Clone Dvd\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Neue Programme\Clone Dvd\CloneDVD2"
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dcmsvc 1.0-->"C:\Program Files\dcmsvc\unins000.exe"
Die Schlacht um Mittelerde(tm)-->E:\Herr der Ringe- Schlacht um Mittelerde\EAUninstall.exe
Die Schlacht um Mittelerde™ II-->E:\Herr der Ringe- Schlacht um Mittelerde II\EAUninstall.exe
DivX Codec-->C:\Neue Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Neue Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Neue Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Neue Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x7 
DVD Shrink 3.2-->"C:\Neue Programme\DVDShrink\DVD Shrink\unins000.exe"
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Program Files\MAGIX\Common\Database\uninstall.exe
Free Video to Mp3 Converter version 3.1-->"C:\Neue Programme\Freevideotomp3\Free Video to Mp3 Converter\unins000.exe"
FreePDF (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly
FUSSBALL MANAGER 09-->E:\Fussballmanager 09\eauninstall.exe
Gimp 2.6.2 Debug-->"C:\Neue Programme\Gimp\Gimp-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.70-->c:\neue programme\ghostscript\gs\uninstgs.exe "c:\neue programme\ghostscript\gs\gs8.70\uninstal.txt"
Hama Webcam Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}\Setup.exe" -l0x7 
HijackThis 2.0.2-->"C:\Neue Programme\Hijackthis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IZArc 3.81-->"C:\Neue Programme\IZArc\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Security Suite CBE 10-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Security Suite CBE 10-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
LG MC USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6059C682-4C5F-4106-8487-943E98225D3B}\setup.exe" -l0x7  -removeonly
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0007 -removeonly
MAGIX Digital Foto Maker SE 4.1.0.835 (D)-->C:\Program Files\MAGIX\DigitalFotoMaker2007_SE\instslct.exe
MAGIX Foto Suite 1.12.0.89 (D)-->C:\Program Files\MAGIX\Foto_Suite\instslct.exe
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Program Files\MAGIX\Online_Druck_Service\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Neue Programme\Malwarebytes\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (2.0.0.20)-->C:\Neue Programme\MozillaFirefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PcWatt-->C:\Programme\PcWatt\uninstall.exe
PDF Blender-->C:\Program Files\PDF Blender\uninstall.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PSP Video 9 5.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x7
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9  -removeonly
Realtek WiFi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}\Install.exe -uninst -l0x7
RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe
SecureW2 TTLS Client 3.3.3 for Windows-->C:\Program Files\SecureW2\SecureW2 TTLS Client\Uninstall.exe
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SopCast 3.0.3-->C:\Neue Programme\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Neue Programme\Spybot\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TextMaker Viewer-->C:\Windows\unTMV.exe
TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Benutzerhandbücher-->C:\Program Files\InstallShield Installation Information\{56995235-B76E-44A6-BA17-8FF13D3F907A}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA ConfigFree-->MsiExec.exe /X{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x7 
Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x7 
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0407
TRDCReminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0407
TRORDCLauncher-->C:\Program Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0407
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TVAnts 1.0-->C:\NEUEPR~1\TVAnts\UNWISE.EXE C:\NEUEPR~1\TVAnts\INSTALL.LOG
UltraISO Premium V9.35-->"C:\Neue Programme\Ultraiso\UltraISO\unins000.exe"
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Veetle TV 0.9.17-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VideoLAN VLC media player 0.8.6f-->C:\Neue Programme\VLC Player\VLC\uninstall.exe
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
WinAce Archiver-->"C:\Neue Programme\Winace\SXUNINST.EXE" "C:\Neue Programme\Winace\SXUNINST.INI"
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
YouTube Downloader App 2.03-->C:\Program Files\Regensoft\Downloader App\uninstaller.exe
Zarb 4.1-->C:\NEUEPR~1\Zarb\Setup.exe /remove /q0

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AS: Spybot - Search and Destroy
AS: Windows Defender

======System event log======

Computer Name: **-Laptop
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Record Number: 250179
Source Name: disk
Time Written: 20100818162858.666096-000
Event Type: Fehler
User: 

Computer Name: **-Laptop
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Record Number: 250180
Source Name: disk
Time Written: 20100818162903.486496-000
Event Type: Fehler
User: 

Computer Name: **-Laptop
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Record Number: 250181
Source Name: disk
Time Written: 20100818162908.338096-000
Event Type: Fehler
User: 

Computer Name: **-Laptop
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Record Number: 250182
Source Name: disk
Time Written: 20100818163102.140096-000
Event Type: Fehler
User: 

Computer Name: **-Laptop
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 250183
Source Name: Service Control Manager
Time Written: 20100818164901.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: **-Laptop
Event Code: 20
Message: 
Record Number: 48728
Source Name: Google Update
Time Written: 20100818145002.000000-000
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: **-Laptop
Event Code: 4097
Message: Der AntiVir Dienst wurde beendet!
Record Number: 48729
Source Name: Avira AntiVir
Time Written: 20100818152708.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: **-Laptop
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 48730
Source Name: Avira AntiVir
Time Written: 20100818152746.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: **-Laptop
Event Code: 20
Message: 
Record Number: 48731
Source Name: Google Update
Time Written: 20100818154917.000000-000
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: **-Laptop
Event Code: 20
Message: 
Record Number: 48732
Source Name: Google Update
Time Written: 20100818164917.000000-000
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: **-Laptop
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\KLIFX86\klif.sys	
Record Number: 89978
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100818160945.217696-000
Event Type: Überwachung gescheitert
User: 

Computer Name: **-Laptop
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\KLIFX86\klmouflt.sys	
Record Number: 89979
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100818160945.467296-000
Event Type: Überwachung gescheitert
User: 

Computer Name: **-Laptop
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\KLIFX86\klmouflt.sys	
Record Number: 89980
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100818160945.607696-000
Event Type: Überwachung gescheitert
User: 

Computer Name: **-Laptop
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\KLIFX86\klmouflt.sys	
Record Number: 89981
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100818160945.763696-000
Event Type: Überwachung gescheitert
User: 

Computer Name: **-Laptop
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\KLIFX86\klmouflt.sys	
Record Number: 89982
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100818160945.904096-000
Event Type: Überwachung gescheitert
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\ArcSoft\Bin;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Neue Programme\Quicktime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
Hijackthis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:49, on 18.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Neue Programme\Any dvd\AnyDVD\AnyDVDtray.exe
C:\Neue Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Neue Programme\Hama Webcam\Magic-i Visual Effects\Magic-i Visual Effects.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Neue Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://*.manutd.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://*.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://*go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://*go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://*go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\NEUEPR~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Neue Programme\Any dvd\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Neue Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Magic-i Visual Effects.lnk = C:\Neue Programme\Hama Webcam\Magic-i Visual Effects\Magic-i Visual Effects.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - h**p://**rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - h**p://*w.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NEUEPR~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NEUEPR~1\Spybot\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Neue Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Neue Programme\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://*download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**ps://*fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - h**p://*platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CE46121-EED2-4A71-B6D1-42E0605BD426}: NameServer = 213.191.92.87 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D7CC473-56C7-43EF-BE05-ACDF6BA7753F}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Antivir\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Antivir\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Security Suite CBE 10 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Neue Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Neue Programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12122 bytes

Alt 19.08.2010, 11:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello,

try this random installer from Malwarebytes => http://malwarebytes.org/mbam-download-exe-random.php

Alt 19.08.2010, 12:33   #3
Falko1987
 
The new update didn't find anything either (quick scan).
Here is the log:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4447

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

19.08.2010 13:29:23
mbam-log-2010-08-19 (13-29-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131358
Laufzeit: 12 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
The PC is still sluggish or sometimes freezes, even though I have since removed Virtumonde with Spybot and Malware Trace with Malwarebytes.

Alt 19.08.2010, 17:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run a full scan with the current Malwarebytes.

Alt 19.08.2010, 19:38   #5
Falko1987
 
same here
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4449

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

19.08.2010 20:35:41
mbam-log-2010-08-19 (20-35-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 299354
Laufzeit: 2 Stunde(n), 9 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 19.08.2010, 19:58   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Alt 19.08.2010, 20:29   #7
Falko1987
 
OTL 1
OTL Logfile:
Code:
OTL logfile created on: 19.08.2010 21:01:03 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: *** | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 67,54 Gb Free Space | 58,04% Space Free | Partition Type: NTFS
Drive D: | 57,41 Gb Total Space | 7,25 Gb Free Space | 12,63% Space Free | Partition Type: NTFS
Drive E: | 57,64 Gb Total Space | 17,06 Gb Free Space | 29,60% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Neue Programme\Any dvd\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Programme\Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Antivir\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Users\**\Desktop\programme\CoreTemp32\Core Temp.exe ()
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\dcmsvc\dcmsvc.exe ()
PRC - C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe ()
PRC - C:\Programme\AskBarDis\bar\bin\AskService.exe ()
PRC - C:\Neue Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Neue Programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Neue Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Neue Programme\Hama Webcam\Magic-i Visual Effects\Magic-i Visual Effects.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\**\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\System32\IoctlSvc.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (AntiVirService) -- C:\Program Files\Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ASKUpgrade) -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (ASKService) -- C:\Programme\AskBarDis\bar\bin\AskService.exe ()
SRV - (SBSDWSCService) -- C:\Neue Programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NMSAccessU) -- C:\Neue Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ALSysIO) -- C:\Users\**\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (avgio) -- C:\Programme\Antivir\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Neue Programme\Ultraiso\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (lgmcmdm) -- C:\Windows\System32\drivers\lgmcmdm.sys (MCCI Corporation)
DRV - (lgmcunic) LGE Mobile USB WMC Ethernet ELDA (WDM) -- C:\Windows\System32\drivers\lgmcunic.sys (MCCI Corporation)
DRV - (lgmcmgmt) LGE Mobile USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\lgmcmgmt.sys (MCCI Corporation)
DRV - (lgmcobex) -- C:\Windows\System32\drivers\lgmcobex.sys (MCCI Corporation)
DRV - (lgmcnd5) LGE Mobile USB WMC Ethernet ELDA (NDIS) -- C:\Windows\System32\drivers\lgmcnd5.sys (MCCI Corporation)
DRV - (lgmcmdfl) -- C:\Windows\System32\drivers\lgmcmdfl.sys (MCCI Corporation)
DRV - (lgmcbus) LGE Mobile driver (WDM) -- C:\Windows\System32\drivers\lgmcbus.sys (MCCI Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://*.manutd.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..keyword.URL: "h*p://**h.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Neue Programme\MozillaFirefox\components [2009.01.13 22:46:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Neue Programme\MozillaFirefox\plugins [2010.02.01 21:47:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.06.01 17:09:30 | 000,000,000 | ---D | M]
 
[2010.08.12 22:13:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\6491e898.default\extensions
[2010.04.01 22:52:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\6491e898.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.11.26 19:29:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6491e898.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.07 12:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\6491e898.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.04.12 19:42:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\6491e898.default\extensions\moveplayer@movenetworks.com
[2010.08.12 22:13:44 | 000,000,944 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\FireFox\Profiles\6491e898.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.05.19 14:27:49 | 000,395,385 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 13655 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Neue Programme\Spybot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [dcmsvc] C:\Programme\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Neue Programme\Any dvd\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Neue Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Falko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Neue Programme\Spybot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Neue Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Neue Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h+p://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} h*p://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h*p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h*p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} h*p://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h*p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h*p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} *ps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h*p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\**\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\**\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.19 20:59:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe
[2010.08.19 13:06:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.19 13:06:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.19 13:06:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.18 18:56:46 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.18 18:56:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.12 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Geckofx
[2010.08.12 21:57:08 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Red Kawa
[2010.08.12 21:57:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Red Kawa
[2010.08.12 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Regensoft
[2010.08.12 21:53:51 | 000,000,000 | ---D | C] -- C:\Programme\Regensoft
[2010.08.12 21:52:35 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.08.12 21:51:39 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa
[2010.08.12 00:03:53 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Hausarbeit
[2010.08.11 15:01:45 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Chinesische Lernstile
[2010.08.01 21:48:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.19 21:01:57 | 007,602,176 | -HS- | M] () -- C:\Users\*\NTUSER.DAT
[2010.08.19 21:00:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.19 20:59:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2010.08.19 20:49:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.19 20:37:01 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{403451BA-B7D8-40A8-A20B-0F3F4AACB35B}.job
[2010.08.19 20:19:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.19 20:19:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.19 18:19:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.19 18:19:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.19 18:19:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.19 18:19:12 | 2010,779,648 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.19 18:10:49 | 000,096,768 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.19 15:40:49 | 000,524,288 | -HS- | M] () -- C:\Users\*\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.19 15:40:49 | 000,065,536 | -HS- | M] () -- C:\Users\*\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.19 15:38:57 | 002,538,313 | -H-- | M] () -- C:\Users\*\AppData\Local\IconCache.db
[2010.08.18 19:49:59 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.18 19:49:59 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.18 19:49:59 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.18 19:49:59 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.18 19:49:59 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.18 19:07:42 | 000,011,111 | ---- | M] () -- C:\Users\*\Desktop\Hallo Helfer Team.docx
[2010.08.18 16:55:11 | 000,013,098 | ---- | M] () -- C:\Users\*\Desktop\KÖRPERLICHE GENETISCHE BEDINGUNG   Klasse der Lernstile.docx
[2010.08.18 16:08:42 | 000,002,631 | ---- | M] () -- C:\Users\*\Desktop\Microsoft Office Word 2007.lnk
[2010.08.12 19:58:46 | 000,397,520 | ---- | M] () -- C:\Temp
[2010.08.01 21:48:33 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.29 22:54:42 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.29 22:54:42 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.18 16:23:29 | 000,011,111 | ---- | C] () -- C:\Users\*\Desktop\Hallo Helfer Team.docx
[2010.08.18 12:58:14 | 2010,779,648 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.16 18:09:11 | 000,013,098 | ---- | C] () -- C:\Users\*\Desktop\KÖRPERLICHE GENETISCHE BEDINGUNG   Klasse der Lernstile.docx
[2010.08.12 19:58:41 | 000,397,520 | ---- | C] () -- C:\Temp
[2010.08.01 21:48:33 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.05.19 14:56:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.23 19:18:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.26 22:37:06 | 000,000,680 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2008.11.23 00:28:41 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.11.23 00:28:36 | 000,000,016 | -H-- | C] () -- C:\Users\*\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.11.23 00:28:36 | 000,000,016 | -H-- | C] () -- C:\Users\*\AppData\Local\mxfilerelatedcache.mxc2
[2008.11.07 15:14:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.11.07 15:14:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.11.07 15:07:24 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2008.11.07 15:07:24 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2008.08.06 11:31:05 | 000,611,064 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.08.06 11:31:05 | 000,142,904 | ---- | C] () -- C:\Windows\System32\drivers\sptddrv1.sys
[2008.07.29 19:44:56 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.05.31 19:02:10 | 000,096,768 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 21:07:58 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.05.18 14:59:50 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.05.18 14:57:36 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.05.18 14:57:36 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.05.18 14:57:36 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.05.18 14:57:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.02.22 12:33:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.22 12:31:50 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.22 12:17:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.22 12:17:28 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.22 12:17:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.22 12:17:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.22 12:17:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.22 12:17:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.22 11:27:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.22 11:26:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.01.09 16:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:1E4817C980EA7EC3
< End of report >
         
--- --- ---

[/code]

OTL 2

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.08.2010 21:01:03 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: * | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 67,54 Gb Free Space | 58,04% Space Free | Partition Type: NTFS
Drive D: | 57,41 Gb Total Space | 7,25 Gb Free Space | 12,63% Space Free | Partition Type: NTFS
Drive E: | 57,64 Gb Total Space | 17,06 Gb Free Space | 29,60% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: **
Current User Name: **
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22F3C66F-D813-4EDC-85C7-7D56FC5D00CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46FA6DAD-0A6B-4E61-96C6-9A3CF8FBEB74}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6D7911E7-1D3C-4331-9852-0072F79879B5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9C46AF5E-4D02-46F6-90D0-4C99F7CCF452}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A61A0A64-6FE4-4B6E-8A82-1662592906D5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BDB9C7A2-EABA-4D25-965D-A26F3639FC32}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C69AFE46-FC1C-4F2F-8259-DC3B8EE67BC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F259E3B0-680D-4713-8E2E-FDF324B33E32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1242EA66-3F09-4E93-962A-7C73EA71E3AD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{1EE74ECE-96BA-4439-A8EA-D103D2838882}" = protocol=17 | dir=in | app=e:\schlacht um mittelerde 2- aufstieg des hexenkönigs\game.dat | 
"{24574F86-B049-4AD5-ABF5-906EE9E4C13B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{27AAADB6-306B-4F4E-B271-CBE70219E07E}" = protocol=6 | dir=in | app=e:\herr der ringe- schlacht um mittelerde ii\game.dat | 
"{32102224-2C18-4F0A-AB59-AF75E3543ECF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6A7868C1-B375-4EB2-906D-C96C403E1723}" = protocol=6 | dir=in | app=e:\schlacht um mittelerde 2- aufstieg des hexenkönigs\game.dat | 
"{6D8CCBD2-3322-4138-ADFB-7EA993A1569D}" = protocol=17 | dir=in | app=c:\neue programme\malwarebytes\malwarebytes' anti-malware\mbam.exe | 
"{7709B646-0842-4C15-9C3F-E47CE6DA43A2}" = protocol=6 | dir=in | app=e:\herr der ringe- schlacht um mittelerde\game.dat | 
"{7A68F619-629A-4658-B7BD-8790A7C92D60}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8579D8F2-EAFB-4EA3-865D-780A3D5CA511}" = protocol=17 | dir=in | app=e:\herr der ringe- schlacht um mittelerde ii\game.dat | 
"{9CF80AFB-6D49-444A-B24E-EBF4B31EC5B2}" = protocol=6 | dir=in | app=c:\neue programme\malwarebytes\malwarebytes' anti-malware\mbam.exe | 
"{A7B8A608-6491-48E0-9D9B-4EA07FEEF05F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C9A2D005-9FB2-4CC9-9599-8EAA9944D23B}" = protocol=17 | dir=in | app=e:\herr der ringe- schlacht um mittelerde\game.dat | 
"{E36BCA06-5C6D-457D-9ED0-EADC9F8C9C21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{0BAE54A9-3605-4C40-98AF-806146A8F707}C:\neue programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\neue programme\icq6.5\icq.exe | 
"TCP Query User{0CE1FAC0-9D69-46A1-B258-B5D1B626168F}C:\neue programme\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\neue programme\sopcast\adv\sopadver.exe | 
"TCP Query User{240A7BEA-4863-4E9A-8EB7-5B72A169C608}C:\neue programme\azureus\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\neue programme\azureus\azureus\azureus.exe | 
"TCP Query User{27B58CAF-FF3A-47D9-B672-302CE7E0E681}C:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe | 
"TCP Query User{2C8B7152-EB87-4F26-9220-F39962BF74B0}C:\neue programme\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\neue programme\sopcast\adv\sopadver.exe | 
"TCP Query User{3852287A-EABB-4A86-A2C1-CD4B2306DFB1}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe | 
"TCP Query User{471FE0DC-337D-42BE-B5B3-CD0C1944F6B4}C:\neue programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\neue programme\sopcast\sopcast.exe | 
"TCP Query User{4A7F1408-2F0A-4C76-92E1-BDDDCCE9F12C}E:\xiii\system\xiii.exe" = protocol=6 | dir=in | app=e:\xiii\system\xiii.exe | 
"TCP Query User{6513622D-E7C9-4C61-B240-F97D2FBA211D}C:\neue programme\icq6\icq.exe" = protocol=6 | dir=in | app=c:\neue programme\icq6\icq.exe | 
"TCP Query User{701F96D8-45D2-4802-8A7E-599D6CE576C1}C:\program files\java\jre1.6.0_03\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\java.exe | 
"TCP Query User{76F5C97E-A207-4A97-8C1F-D76F7F723A8F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{77A30270-D8E6-4A2D-A4F3-34C1C4D9C3E9}C:\neue programme\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\neue programme\realplayer\realplay.exe | 
"TCP Query User{8F019E1F-4083-45F4-B5B7-4466EDC1CBAC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{919EEA4F-8B23-4B87-89D0-5AAB56374EB4}C:\neue programme\mozillafirefox\firefox.exe" = protocol=6 | dir=in | app=c:\neue programme\mozillafirefox\firefox.exe | 
"TCP Query User{98E2131E-E258-4982-94A2-59326D412384}C:\neue programme\azureus\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\neue programme\azureus\azureus\azureus.exe | 
"TCP Query User{AF4C2F4D-659F-49E8-9068-66F5F5CF2B72}C:\neue programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\neue programme\sopcast\sopcast.exe | 
"TCP Query User{AF898DED-1882-461C-9CA2-7B0F4DEB15D2}C:\neue programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\neue programme\icq6.5\icq.exe | 
"TCP Query User{B59DDEFB-76C4-47EA-81D2-6B461545196F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{BF312A50-60FC-4BE6-A0B5-D74CA45A50AF}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe | 
"TCP Query User{CA887445-CFC6-4570-B56C-5E9B54A5DDA3}C:\neue programme\mozillafirefox\firefox.exe" = protocol=6 | dir=in | app=c:\neue programme\mozillafirefox\firefox.exe | 
"TCP Query User{E70A2062-FB95-4A0C-8C5E-AA45DEDCD92B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{ED8CF45A-B69B-4D2B-8314-39F06D625B27}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F0980A8C-8D20-46F6-8065-C6DD6D184AB2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{FAE487F5-98CB-428B-9106-4432E139FFCA}C:\neue programme\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\neue programme\realplayer\realplay.exe | 
"TCP Query User{FCFBF4E8-960C-48BF-992C-A0132A939E0B}C:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe | 
"UDP Query User{0A91033C-EE5F-424F-92B7-C1E44B4AF767}C:\neue programme\mozillafirefox\firefox.exe" = protocol=17 | dir=in | app=c:\neue programme\mozillafirefox\firefox.exe | 
"UDP Query User{124CFC21-6C73-40D8-9DA4-FC9A4EDDCFE8}C:\neue programme\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\neue programme\realplayer\realplay.exe | 
"UDP Query User{153D9B8D-F3B7-47A1-A0B2-7591942CE5DA}E:\xiii\system\xiii.exe" = protocol=17 | dir=in | app=e:\xiii\system\xiii.exe | 
"UDP Query User{1817384A-C60A-45FB-A20C-7CDD5D69B795}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{27D35284-9913-4C4B-9B78-86355871198F}C:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe | 
"UDP Query User{28387A10-5081-47F9-A4DF-ABB41CEC7BAC}C:\neue programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\neue programme\sopcast\sopcast.exe | 
"UDP Query User{2C0063E9-4848-4D90-86A1-056A2DDD9EEC}C:\neue programme\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\neue programme\sopcast\adv\sopadver.exe | 
"UDP Query User{361F851A-031A-4C4D-89F8-5041F95B861A}C:\neue programme\azureus\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\neue programme\azureus\azureus\azureus.exe | 
"UDP Query User{42CD96B4-38BE-4354-B349-129A127F2D50}C:\program files\java\jre1.6.0_03\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\java.exe | 
"UDP Query User{5BD4AA13-3F13-40FA-838B-9477508469B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5EDAF5F3-4BEA-467A-9DA5-C0A90F9EFF04}C:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\launch4j-tmp\jdownloader.exe | 
"UDP Query User{857117B9-2268-4A0C-BCC3-99ADB03CB5F9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{91E16D8B-6FF8-41C8-BC01-D814198F5BD9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9D41248E-16E2-4877-B0BD-AFB08445EDD2}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe | 
"UDP Query User{9DBC5868-7291-4E6F-80CC-9A3BF2CF4F93}C:\neue programme\icq6\icq.exe" = protocol=17 | dir=in | app=c:\neue programme\icq6\icq.exe | 
"UDP Query User{AE77C1B6-2A02-483D-8B99-137BA0D376CC}C:\neue programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\neue programme\sopcast\sopcast.exe | 
"UDP Query User{B12471FA-ED7E-4401-9C9E-7CD89B390249}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe | 
"UDP Query User{B6DF9040-0B2E-4A62-87BE-A00516487C4B}C:\neue programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\neue programme\icq6.5\icq.exe | 
"UDP Query User{C6F6C037-DBF7-4EDF-94FE-68E0C337FDA5}C:\neue programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\neue programme\icq6.5\icq.exe | 
"UDP Query User{CEBD78CF-21A9-45C6-BFA3-A28080AF56EE}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{CFFC43B0-6666-4F1C-8E26-DBAEBED52B09}C:\neue programme\mozillafirefox\firefox.exe" = protocol=17 | dir=in | app=c:\neue programme\mozillafirefox\firefox.exe | 
"UDP Query User{D8636E41-F8B3-47E1-A0A6-E4D8CA18E6C5}C:\neue programme\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\neue programme\sopcast\adv\sopadver.exe | 
"UDP Query User{F26FF14F-5029-4631-A251-34140D30E18C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F619B585-0CC8-48DE-9D23-16CBA8E33EDC}C:\neue programme\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\neue programme\realplayer\realplay.exe | 
"UDP Query User{FB7AE5F8-B91D-4357-9E6A-B5119A90067D}C:\neue programme\azureus\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\neue programme\azureus\azureus\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082C8591-A04B-C51B-99C1-729A9765C559}" = CCC Help English
"{0C49AFCF-4EEC-F150-3748-56906B26116D}" = Catalyst Control Center Graphics Full Existing
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18778440-FBC2-7845-5D75-2E3FB2901CA3}" = Catalyst Control Center Core Implementation
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2160868F-58F6-7B2D-03A3-89A3582AEA1C}" = Skins
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{235513D8-5555-4987-BF5B-66B518754129}" = LG PC Suite II
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3F11A4D1-FAEC-E1FD-5D35-25C94EC33D46}" = ccc-core-static
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{45d46ae1-eab1-4688-9fe5-cc372cc41023}" = Nero 9 Essentials
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{508D251A-9378-C840-90A0-563C649BC749}" = Catalyst Control Center Graphics Previews Vista
"{560BEED8-69A3-0471-FFAE-9BA8AC58B61A}" = ccc-utility
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{580D6A69-F3F7-CB21-A5F5-3451A38CA1C2}" = Catalyst Control Center InstallProxy
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{62E965A8-25BB-2C3C-D9D5-D73CF4CC55AB}" = Catalyst Control Center HydraVision Full
"{68D1CBD5-899D-037D-FC17-191811C44EA5}" = ATI Catalyst Install Manager
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7528F5C4-1707-A9D6-4564-F2D5C64FA3A6}" = Catalyst Control Center Graphics Light
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{97959329-F1E9-2D17-E910-253C05B00C6E}" = Catalyst Control Center Graphics Full New
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A402B569-BA69-8849-1DFC-6D4CE9F4EDA5}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Alice Software" = Alice Software 4.10.0
"AnyDVD" = AnyDVD
"Ask Toolbar_is1" = Vuze Toolbar
"Auto Desktop Background Changer_is1" = Auto Desktop Background Changer 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Baphomets Fluch Trilogie" = Baphomets Fluch Trilogie
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dcmsvc_is1" = dcmsvc 1.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"PcWatt" = PcWatt
"PDF Blender" = PDF Blender
"Picasa2" = Picasa 2
"PSP Video 9" = PSP Video 9 5.04
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TextMaker Viewer" = TextMaker Viewer
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TVAnts 1.0" = TVAnts 1.0
"UltraISO_is1" = UltraISO Premium V9.35
"Uninstall_is1" = Uninstall 1.0.0.0
"UnityWebPlayer" = Unity Web Player
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinAce Archiver" = WinAce Archiver
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"YouTube Downloader App" = YouTube Downloader App 2.03
"Zarb" = Zarb 4.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.10.2009 12:04:18 | Computer Name = * | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.10.2009 14:36:53 | Computer Name = * | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.10.2009 14:51:13 | Computer Name = * | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.10.2009 15:06:09 | Computer Name = * | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.10.2009 15:20:51 | Computer Name = *| Source = WinMgmt | ID = 10
Description = 
 
Error - 17.10.2009 20:13:28 | Computer Name = *| Source = VSS | ID = 8194
Description = 
 
Error - 17.10.2009 20:14:37 | Computer Name = *| Source = System Restore | ID = 8193
Description = 
 
Error - 17.10.2009 22:24:05 | Computer Name = * | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.10.2009 23:04:51 | Computer Name = * | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.10.2009 12:50:31 | Computer Name = * | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 29.04.2010 13:31:15 | Computer Name = * | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 2961 seconds with 2400 seconds of active time.  This session ended with a
 crash.
 
Error - 29.04.2010 13:32:52 | Computer Name = * | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.08.2010 15:07:41 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:07:46 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:07:51 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:07:56 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:08:31 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:08:36 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:08:41 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:08:46 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:08:50 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 19.08.2010 15:08:55 | Computer Name = * | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >
         
--- --- ---


Alt 19.08.2010, 21:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Virtumonde / Malware Trace

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
PRC - C:\Programme\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [dcmsvc] C:\Programme\dcmsvc\dcmsvc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
@Alternate Data Stream - 24 bytes -> C:\Windows:1E4817C980EA7EC3
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
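As an added example (editor's code, not part of this thread, not OTL's own output and not cosinus's instructions): a read-only PowerShell audit that lists the same persistence points the fix script above removes, so the state of a machine can be compared before and after such a cleanup. The key paths, value names, the `C:\Windows` stream and the hosts file are taken from the fix script and the log in this thread; the script assumes PowerShell 3.0 or later in an elevated session, and it uses `dir /r` rather than `Get-Item -Stream` because `dir /r` also lists streams attached to directories such as `C:\Windows`.

```powershell
# Added read-only audit (editor's example, not part of the thread or of OTL).
# Lists the persistence points the OTL fix above removes, so the state can be
# compared before and after a cleanup. Assumes PowerShell 3.0+ in an elevated
# session. Nothing below modifies the system.

# All values under a registry key, without the PS* provider metadata.
function Get-RegistryValues {
    param([Parameter(Mandatory = $true)][string]$Key)
    if (-not (Test-Path -Path $Key)) { return }
    $item = Get-ItemProperty -Path $Key
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        [pscustomobject]@{ Key = $Key; Name = $p.Name; Value = $p.Value }
    }
}

# O4 lines: autostart commands in the Run keys (the fix removed [dcmsvc]).
function Get-RunEntries {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        Get-RegistryValues -Key "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    }
}

# O6/O7 lines: Explorer and System policy values in both hives, plus the IE
# Control Panel policy key whose presence alone OTL reported. NoDrives hides
# drive letters, NoDriveTypeAutoRun governs AutoRun per drive type, and the
# *Scripts values change logon/logoff script handling; on a home PC these are
# rarely set on purpose, so any value deserves a look.
function Get-PolicyValues {
    $subKeys = @(
        'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in $subKeys) { Get-RegistryValues -Key "$hive\$sub" }
    }
    $ieKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    if (Test-Path -Path $ieKey) {
        [pscustomobject]@{ Key = $ieKey; Name = '(key present)'; Value = $null }
    }
}

# ADS line: alternate data streams attached to a directory (the fix deleted
# C:\Windows:1E4817C980EA7EC3). "dir /r" on the parent directory prints each
# stream as "<size> <name>:<stream>:$DATA"; that shape is the same in every
# system language, so it is matched with a regular expression.
function Get-DirectoryStreams {
    param([Parameter(Mandatory = $true)][string]$Path)
    $parent = Split-Path -Path $Path -Parent
    $leaf   = Split-Path -Path $Path -Leaf
    cmd.exe /c "dir /r `"$parent`"" | ForEach-Object {
        if ($_ -match '^\s*([\d.,]+)\s+(.+):([^:]+):\$DATA\s*$' -and $Matches[2] -eq $leaf) {
            [pscustomobject]@{ Object = $Path; Stream = $Matches[3]; Bytes = $Matches[1] }
        }
    }
}

# [resethosts]: active hosts entries other than the loopback defaults. Malware
# often redirects update and vendor hostnames here, which is why the fix
# replaces the file.
function Get-ActiveHostsEntries {
    $hostsFile = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsFile |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

Write-Host '--- Run keys ---'
Get-RunEntries | Format-Table -AutoSize | Out-Host
Write-Host '--- Policy values ---'
Get-PolicyValues | Format-Table -AutoSize | Out-Host
Write-Host "--- Alternate data streams on $env:SystemRoot ---"
Get-DirectoryStreams -Path $env:SystemRoot | Format-Table -AutoSize | Out-Host
Write-Host '--- Non-default hosts entries ---'
Get-ActiveHostsEntries | Out-Host
```

Run it once before applying a fix and once after: the Run entry, the policy values, the stream on the Windows directory and any hosts redirections should all be gone from the second report. Zone.Identifier streams on downloaded files are normal; a stream on the Windows directory itself is not.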

Alt 19.08.2010, 22:51   #9
Falko1987
 

Virtumonde / Malware Trace

Here is the log:
Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named dcmsvc.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dcmsvc deleted successfully.
C:\Programme\dcmsvc\dcmsvc.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync deleted successfully.
ADS C:\Windows:1E4817C980EA7EC3 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 8498 bytes
->Temporary Internet Files folder emptied: 30301019 bytes
->Java cache emptied: 90580008 bytes
->FireFox cache emptied: 3619389 bytes
->Flash cache emptied: 44277 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 48 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55230944 bytes
RecycleBin emptied: 131658 bytes
 
Total Files Cleaned = 172,00 mb
 
 
OTL by OldTimer - Version 3.2.10.0 log created on 08192010_234155

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 20.08.2010, 07:42   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virtumonde / Malware Trace - Standard

Virtumonde / Malware Trace



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has expressly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 20.08.2010, 13:00   #11
Falko1987
 



log


Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-18.05 - *** 20.08.2010  12:48:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.1917.1103 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Public\invokesi.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-20 bis 2010-08-20  ))))))))))))))))))))))))))))))
.

2010-08-20 11:06 . 2010-08-20 11:10	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-08-20 11:06 . 2010-08-20 11:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-19 21:41 . 2010-08-19 21:41	--------	d-----w-	C:\_OTL
2010-08-19 11:06 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 11:06 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-19 11:06 . 2010-08-19 11:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-18 16:56 . 2010-08-18 16:56	--------	d-----w-	c:\program files\trend micro
2010-08-18 16:56 . 2010-08-18 16:56	--------	d-----w-	C:\rsit
2010-08-12 19:57 . 2010-08-12 19:57	--------	d-----w-	c:\users\**\AppData\Local\Geckofx
2010-08-12 19:57 . 2010-08-12 19:57	--------	d-----w-	c:\users\**\AppData\Roaming\Red Kawa
2010-08-12 19:53 . 2010-08-12 19:53	--------	d-----w-	c:\program files\Regensoft
2010-08-12 19:52 . 2010-08-12 19:52	--------	d-----w-	c:\program files\AviSynth 2.5
2010-08-12 19:51 . 2010-08-12 19:51	--------	d-----w-	c:\program files\Red Kawa
2010-08-01 19:48 . 2010-08-01 19:48	--------	d-----w-	c:\program files\Common Files\Skype

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 10:29 . 2008-05-30 20:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-19 21:48 . 2009-11-19 22:55	--------	d-----w-	c:\programdata\Kaspersky Lab
2010-08-19 21:41 . 2009-11-22 21:15	--------	d-----w-	c:\program files\dcmsvc
2010-08-18 17:49 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-08-18 17:49 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-08-07 13:23 . 2008-05-30 19:23	--------	d-----w-	c:\users\**\AppData\Roaming\ICQ
2010-08-04 16:45 . 2009-06-23 17:18	--------	d-----w-	c:\users\**\AppData\Roaming\skypePM
2010-08-03 13:13 . 2009-06-23 17:14	--------	d-----w-	c:\users\**\AppData\Roaming\Skype
2010-08-01 19:49 . 2009-06-23 17:14	--------	d-----r-	c:\program files\Skype
2010-08-01 19:48 . 2009-06-23 17:14	--------	d-----w-	c:\programdata\Skype
2010-07-29 20:54 . 2010-06-01 15:11	97549	----a-w-	c:\windows\system32\drivers\klick.dat
2010-07-29 20:54 . 2010-06-01 15:11	113933	----a-w-	c:\windows\system32\drivers\klin.dat
2010-07-14 20:19 . 2008-11-06 16:31	--------	d-----w-	c:\users\**\AppData\Roaming\gtk-2.0
2010-07-04 09:31 . 2010-07-04 09:31	--------	d-----w-	c:\program files\MSECache
2010-06-16 17:40 . 2008-05-18 12:54	74336	----a-w-	c:\users\**\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-16 10:18 . 2010-06-16 10:18	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-09 20:41 . 2010-06-09 20:41	106432	----a-w-	c:\windows\system32\drivers\AnyDVD.sys
2010-06-01 15:33 . 2010-06-01 15:33	932368	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-06-01 15:33 . 2010-06-01 15:33	678416	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-06-01 15:33 . 2010-06-01 15:33	604688	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-06-01 15:33 . 2010-06-01 15:33	1096208	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-06-01 15:33 . 2010-06-01 15:33	522768	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-30 08:31 . 2010-03-09 19:21	443912	----a-w-	c:\users\**\AppData\Roaming\Real\Update\setup3.10\setup.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-07-04 430080]
"AnyDVD"="c:\neue programme\Any dvd\AnyDVD\AnyDVDtray.exe" [2010-07-14 4430784]
"SpybotSD TeaTimer"="c:\neue programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"avgnt"="c:\program files\Antivir\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-14 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Magic-i Visual Effects.lnk - c:\neue programme\Hama Webcam\Magic-i Visual Effects\Magic-i Visual Effects.exe [2009-8-28 330240]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\neue programme\ICQ6.5\ICQ.exe" silent
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\neue programme\Quicktime\QTTask.exe" -atboottime
"DAEMON Tools"="c:\neue programme\DAEMON Tools\daemon.exe" -lang 1033
" Malwarebytes Anti-Malware  (reboot)"="c:\neue programme\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
R3 ALSysIO;ALSysIO;c:\users\**\AppData\Local\Temp\ALSysIO.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584]
R3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976]
R3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464]
R3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448]
R3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344]
R3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480]
R3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-08-06 611064]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Antivir\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\neue programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-08-20 c:\windows\Tasks\1-Klick-Wartung.job
- c:\neue programme\TuneUpUtilities\OneClickStarter.exe [2008-08-21 17:47]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 10:38]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 10:38]

2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{403451BA-B7D8-40A8-A20B-0F3F4AACB35B}.job
- c:\windows\system32\msfeedssync.exe [2010-06-02 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = h**p://**w.manutd.c*m/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - h**p://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - h**p://*w.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
TCP: {4D7CC473-56C7-43EF-BE05-ACDF6BA7753F} = 192.168.1.1
FF - ProfilePath - c:\users\**\AppData\Roaming\Mozilla\Firefox\Profiles\6491e898.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\neue programme\MozillaFirefox\components\xpinstal.dll
FF - component: c:\neue programme\MozillaFirefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\neue programme\MozillaFirefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
 c:\neue programme\MozillaFirefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\neue programme\MozillaFirefox\greprefs\all.js - pref("network.cookie.p3plevel",             1); // 0=low, 1=medium, 2=high, 3=custom
c:\neue programme\MozillaFirefox\greprefs\all.js - pref("network.enablePad",                   false); // Allow client to do proxy autodiscovery
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://branding/content/searchconfig.properties");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("signon.prefillForms",                 true);
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "hxxp://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "hxxp://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "hxxp://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-20 13:08
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2903945304-151071018-3808793006-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:26,43,aa,7b,97,e3,1b,73,9b,46,ec,cf,a3,f5,5d,55,29,a9,60,fa,0c,7c,31,
   af,5c,48,c5,4d,0a,6a,ff,4e,29,6e,f1,86,76,64,7b,b8,32,3b,e8,2d,23,0a,ed,49,\
"??"=hex:45,32,2f,17,37,04,06,f3,c3,3a,0f,13,ed,5c,06,59

[HKEY_USERS\S-1-5-21-2903945304-151071018-3808793006-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4a,12,fd,57,19,83,7d,1f,54,e7,2a,42,45,d5,65,e4,2a,a3,6d,54,c7,
   9d,5f,92,84,05,85,3b,af,62,12,64,ff,03,06,de,76,a3,6b,49,f9,e2,75,d4,bc,8d,\
"rkeysecu"=hex:10,7c,44,37,2a,d9,61,7b,c9,fd,39,69,e1,55,93,7b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-20  13:33:46
ComboFix-quarantined-files.txt  2010-08-20 11:33

Vor Suchlauf: 14 Verzeichnis(se), 71.597.432.832 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 71.549.882.368 Bytes frei

- - End Of File - - BC60DAF133D5DBB8C4CB969F179E272E
         
--- --- ---

Alt 20.08.2010, 13:02   #12
Falko1987
 



Hm, something apparently went wrong just now, so here is the log again

Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-18.05 - *** 20.08.2010  12:48:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.1917.1103 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Public\invokesi.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-20 bis 2010-08-20  ))))))))))))))))))))))))))))))
.

2010-08-20 11:06 . 2010-08-20 11:10	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-08-20 11:06 . 2010-08-20 11:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-19 21:41 . 2010-08-19 21:41	--------	d-----w-	C:\_OTL
2010-08-19 11:06 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 11:06 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-19 11:06 . 2010-08-19 11:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-18 16:56 . 2010-08-18 16:56	--------	d-----w-	c:\program files\trend micro
2010-08-18 16:56 . 2010-08-18 16:56	--------	d-----w-	C:\rsit
2010-08-12 19:57 . 2010-08-12 19:57	--------	d-----w-	c:\users\**\AppData\Local\Geckofx
2010-08-12 19:57 . 2010-08-12 19:57	--------	d-----w-	c:\users\**\AppData\Roaming\Red Kawa
2010-08-12 19:53 . 2010-08-12 19:53	--------	d-----w-	c:\program files\Regensoft
2010-08-12 19:52 . 2010-08-12 19:52	--------	d-----w-	c:\program files\AviSynth 2.5
2010-08-12 19:51 . 2010-08-12 19:51	--------	d-----w-	c:\program files\Red Kawa
2010-08-01 19:48 . 2010-08-01 19:48	--------	d-----w-	c:\program files\Common Files\Skype

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 10:29 . 2008-05-30 20:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-19 21:48 . 2009-11-19 22:55	--------	d-----w-	c:\programdata\Kaspersky Lab
2010-08-19 21:41 . 2009-11-22 21:15	--------	d-----w-	c:\program files\dcmsvc
2010-08-18 17:49 . 2008-01-21 07:15	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-08-18 17:49 . 2008-01-21 07:15	122842	----a-w-	c:\windows\system32\perfc007.dat
2010-08-07 13:23 . 2008-05-30 19:23	--------	d-----w-	c:\users\**\AppData\Roaming\ICQ
2010-08-04 16:45 . 2009-06-23 17:18	--------	d-----w-	c:\users\**\AppData\Roaming\skypePM
2010-08-03 13:13 . 2009-06-23 17:14	--------	d-----w-	c:\users\**\AppData\Roaming\Skype
2010-08-01 19:49 . 2009-06-23 17:14	--------	d-----r-	c:\program files\Skype
2010-08-01 19:48 . 2009-06-23 17:14	--------	d-----w-	c:\programdata\Skype
2010-07-29 20:54 . 2010-06-01 15:11	97549	----a-w-	c:\windows\system32\drivers\klick.dat
2010-07-29 20:54 . 2010-06-01 15:11	113933	----a-w-	c:\windows\system32\drivers\klin.dat
2010-07-14 20:19 . 2008-11-06 16:31	--------	d-----w-	c:\users\**\AppData\Roaming\gtk-2.0
2010-07-04 09:31 . 2010-07-04 09:31	--------	d-----w-	c:\program files\MSECache
2010-06-16 17:40 . 2008-05-18 12:54	74336	----a-w-	c:\users\**\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-16 10:18 . 2010-06-16 10:18	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-09 20:41 . 2010-06-09 20:41	106432	----a-w-	c:\windows\system32\drivers\AnyDVD.sys
2010-06-01 15:33 . 2010-06-01 15:33	932368	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-06-01 15:33 . 2010-06-01 15:33	678416	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-06-01 15:33 . 2010-06-01 15:33	604688	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-06-01 15:33 . 2010-06-01 15:33	1096208	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-06-01 15:33 . 2010-06-01 15:33	522768	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-30 08:31 . 2010-03-09 19:21	443912	----a-w-	c:\users\**\AppData\Roaming\Real\Update\setup3.10\setup.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-07-04 430080]
"AnyDVD"="c:\neue programme\Any dvd\AnyDVD\AnyDVDtray.exe" [2010-07-14 4430784]
"SpybotSD TeaTimer"="c:\neue programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"avgnt"="c:\program files\Antivir\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-14 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Magic-i Visual Effects.lnk - c:\neue programme\Hama Webcam\Magic-i Visual Effects\Magic-i Visual Effects.exe [2009-8-28 330240]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\neue programme\ICQ6.5\ICQ.exe" silent
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\neue programme\Quicktime\QTTask.exe" -atboottime
"DAEMON Tools"="c:\neue programme\DAEMON Tools\daemon.exe" -lang 1033
" Malwarebytes Anti-Malware  (reboot)"="c:\neue programme\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 136176]
R3 ALSysIO;ALSysIO;c:\users\**\AppData\Local\Temp\ALSysIO.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584]
R3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976]
R3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464]
R3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448]
R3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344]
R3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480]
R3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-08-06 611064]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Antivir\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 SBSDWSCService;SBSD Security Center Service;c:\neue programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-08-20 c:\windows\Tasks\1-Klick-Wartung.job
- c:\neue programme\TuneUpUtilities\OneClickStarter.exe [2008-08-21 17:47]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 10:38]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-04 10:38]

2010-08-19 c:\windows\Tasks\User_Feed_Synchronization-{403451BA-B7D8-40A8-A20B-0F3F4AACB35B}.job
- c:\windows\system32\msfeedssync.exe [2010-06-02 04:54]
.
.
------- Supplementary scan -------
.
uStart Page = h**p://**w.manutd.c*m/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - h**p://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - h**p://*w.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
TCP: {4D7CC473-56C7-43EF-BE05-ACDF6BA7753F} = 192.168.1.1
FF - ProfilePath - c:\users\**\AppData\Roaming\Mozilla\Firefox\Profiles\6491e898.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\neue programme\MozillaFirefox\components\xpinstal.dll
FF - component: c:\neue programme\MozillaFirefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\neue programme\MozillaFirefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX policies ----
 c:\neue programme\MozillaFirefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\neue programme\MozillaFirefox\greprefs\all.js - pref("network.cookie.p3plevel",             1); // 0=low, 1=medium, 2=high, 3=custom
c:\neue programme\MozillaFirefox\greprefs\all.js - pref("network.enablePad",                   false); // Allow client to do proxy autodiscovery
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://branding/content/searchconfig.properties");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("signon.prefillForms",                 true);
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "hxxp://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "hxxp://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\neue programme\MozillaFirefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "hxxp://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-20 13:08
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-2903945304-151071018-3808793006-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:26,43,aa,7b,97,e3,1b,73,9b,46,ec,cf,a3,f5,5d,55,29,a9,60,fa,0c,7c,31,
   af,5c,48,c5,4d,0a,6a,ff,4e,29,6e,f1,86,76,64,7b,b8,32,3b,e8,2d,23,0a,ed,49,\
"??"=hex:45,32,2f,17,37,04,06,f3,c3,3a,0f,13,ed,5c,06,59

[HKEY_USERS\S-1-5-21-2903945304-151071018-3808793006-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4a,12,fd,57,19,83,7d,1f,54,e7,2a,42,45,d5,65,e4,2a,a3,6d,54,c7,
   9d,5f,92,84,05,85,3b,af,62,12,64,ff,03,06,de,76,a3,6b,49,f9,e2,75,d4,bc,8d,\
"rkeysecu"=hex:10,7c,44,37,2a,d9,61,7b,c9,fd,39,69,e1,55,93,7b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-20  13:33:46
ComboFix-quarantined-files.txt  2010-08-20 11:33

Before scan: 14 directories, 71,597,432,832 bytes free
After scan: 18 directories, 71,549,882,368 bytes free

- - End Of File - - BC60DAF133D5DBB8C4CB969F179E272E
         
--- --- ---
Please delete one of them.

Alt 21.08.2010, 13:18   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from within that folder.

If you are using Windows Vista or Windows 7, you must run the remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are changes and, if so, on which device. Best to post everything the remover.exe outputs.
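The post above asks for an MBR check of the kind bootkit removers perform and later reports "MBR Status: OK <DOS/Win32 Boot code found>". The following is an added example, not part of the thread and not the bootkit_remover tool's own code: it reads a 512-byte master boot record, validates the 0x55AA boot signature, decodes the partition table and compares a fingerprint of the 440-byte boot code against a set of known-good fingerprints. Both sample MBRs are constructed here, and the "known-good" hash is taken from the constructed clean sample rather than from a real Windows installation (an assumption for the demo; in practice you would fingerprint the boot code of a trusted image). `read_physical_mbr` shows how the real sector would be read on Windows with administrator rights; it is not called in the demo.

```python
"""Simplified MBR sanity check of the kind a bootkit scanner performs.

Added example for the thread above; not code from bootkit_remover.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0-439: boot code in the classic MBR layout
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"

# Constructed boot code: the first bytes mimic the usual real-mode prologue
# (cli; xor ax,ax; mov ss,ax; mov sp,0x7c00); the rest is filler, not real code.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"CONSTRUCTED CLEAN BOOT CODE"
# Constructed "tampered" variant: a short jmp patched over the prologue, the
# kind of change a bootkit makes to divert the boot path (illustrative only).
PATCHED_BOOT_CODE = b"\xeb\x3e" + CLEAN_BOOT_CODE[2:]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Build a constructed MBR with one active NTFS partition at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_id = b"\x11\x22\x33\x44" + b"\x00\x00"       # disk signature + reserved
    entry = struct.pack("<B3sB3sII",
                        0x80,              # status: active/bootable
                        b"\x01\x01\x00",   # CHS start (ignored by the parser)
                        0x07,              # type: NTFS/exFAT
                        b"\xfe\xff\xff",   # CHS end (ignored by the parser)
                        2048,              # first LBA
                        409600)            # sector count
    table = entry + b"\x00" * 48           # remaining three entries empty
    return code + disk_id + table + BOOT_SIGNATURE


def parse_mbr(data: bytes) -> dict:
    """Decode boot signature, boot-code fingerprint and partition entries."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", data[off:off + 16])
        if ptype == 0 and count == 0:
            continue                       # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(data: bytes, known_good: set) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] not in known_good:
        findings.append("boot code does not match a known-good fingerprint")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["lba_start"] < 1:
            findings.append("partition %d starts inside the MBR sector" % p["index"])
    return findings


def read_physical_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read the real MBR (Windows, administrator rights required; not run here)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    known = {parse_mbr(clean)["boot_code_sha256"]}     # demo baseline (assumption)
    print("clean:  ", check_mbr(clean, known))
    print("patched:", check_mbr(build_sample_mbr(PATCHED_BOOT_CODE), known))
```

A fingerprint comparison only tells you that the boot code differs from your baseline, not what it does; a hit is the signal to pull the sector and look at the code, exactly as the helper asks for the tool's full output rather than just "OK".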

Alt 21.08.2010, 22:28   #14
Falko1987
 



During the scan with GMER a bluescreen appeared and the PC restarted. Since the program had already hung before, I continued with OSAM.
The scan produced the following:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:03:15 on 21.08.2010
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
 Rootkits detection (hidden registry)
 Rootkits detection (hidden files)
 Retrieve files information
 Check Microsoft signatures

Filters
 Trusted entries
 Empty entries
 Hidden registry entries (rootkit activity)
 Exclusively opened files
 Not found files
 Files without detailed information
 Existing files
 Non-startable services
 Non-startable drivers
 Active entries
 Disabled entries
 	Risk	Name	Publisher	Full Path	Status
AppInit DLLs
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
 	      	"AppInit_DLLs"	"Kaspersky Lab"	C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll	File exists
 	      	"AppInit_DLLs"	"Kaspersky Lab"	C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll	File exists
Common
%SystemRoot%\Tasks
 	||||  	"GoogleUpdateTaskMachineCore.job"	"Google Inc."	C:\Program Files\Google\Update\GoogleUpdate.exe	File exists
 	||||  	"GoogleUpdateTaskMachineUA.job"	"Google Inc."	C:\Program Files\Google\Update\GoogleUpdate.exe	File exists
 	||||  	"1-Klick-Wartung.job"	"TuneUp Software GmbH"	C:\Neue Programme\TuneUpUtilities\OneClickStarter.exe	File exists
Control Panel Objects
%SystemRoot%\system32
 	||||||	"TOSCDSPD.cpl"	"TOSHIBA"	C:\Windows\system32\TOSCDSPD.cpl	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
 	||||||	"QuickTime"	"Apple Inc."	C:\Neue Programme\Quicktime\QTSystem\QuickTime.cpl	File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
 	      	"ALSysIO" (ALSysIO)		C:\Users\**\AppData\Local\Temp\ALSysIO.sys	File not found
 	||||||	"AnyDVD" (AnyDVD)	"SlySoft, Inc."	C:\Windows\System32\Drivers\AnyDVD.sys	File exists
 	||||||	"ArcSoft Magic-I Visual Effect" (ArcSoftKsUFilter)	"ArcSoft, Inc."	C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys	File exists
 	||||||	"avgio" (avgio)	"Avira GmbH"	C:\Program Files\Antivir\Avira\AntiVir Desktop\avgio.sys	File exists
 	||||||	"avgntflt" (avgntflt)	"Avira GmbH"	C:\Windows\System32\DRIVERS\avgntflt.sys	File exists
 	||||||	"avipbb" (avipbb)	"Avira GmbH"	C:\Windows\System32\DRIVERS\avipbb.sys	File exists
 	      	"catchme" (catchme)		C:\Users\***\AppData\Local\Temp\catchme.sys	File not found
 	||||||	"ElbyCDIO Driver" (ElbyCDIO)	"Elaborate Bytes AG"	C:\Windows\System32\Drivers\ElbyCDIO.sys	File exists
 	||||||	"enodpl" (enodpl)		C:\Windows\System32\drivers\enodpl.sys	File found, but it contains no detailed information
 	      	"IP in IP Tunnel Driver" (IpInIp)		C:\Windows\System32\DRIVERS\ipinip.sys	File not found
 	      	"IPX Traffic Filter Driver" (NwlnkFlt)		C:\Windows\System32\DRIVERS\nwlnkflt.sys	File not found
 	      	"IPX Traffic Forwarder Driver" (NwlnkFwd)		C:\Windows\System32\DRIVERS\nwlnkfwd.sys	File not found
 	||||||	"ISO DVD/CD-ROM Device Driver" (ISODrive)	"EZB Systems, Inc."	C:\Neue Programme\Ultraiso\UltraISO\drivers\ISODrive.sys	File exists
 	||||||	"PPdus ASPI Shell" (Afc)	"Arcsoft, Inc."	C:\Windows\System32\drivers\Afc.sys	File exists
 	||||||	"PxHelp20" (PxHelp20)	"Sonic Solutions"	C:\Windows\System32\Drivers\PxHelp20.sys	File exists
 	||||||	"ssmdrv" (ssmdrv)	"Avira GmbH"	C:\Windows\System32\DRIVERS\ssmdrv.sys	File exists
 	||||||	"tandpl" (tandpl)		C:\Windows\System32\drivers\tandpl.sys	File found, but it contains no detailed information
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
 	||||||	{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class"	"Illustrate"	C:\Program Files\Illustrate\dBpoweramp\dBShell.dll	File exists
 	||||||	{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"	"Adobe Systems, Inc."	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll	File exists
 	      	{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}"			File not found | COM-object registry key not found
HKLM\Software\Classes\Protocols\Filter
 	||||||	{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL	File exists
HKLM\Software\Classes\Protocols\Handler
 	||||||	{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class"	"Microsoft Corporation"	C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll	File exists
 	||||||	{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class"	"Skype Technologies"	C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL	File exists
 	||||  	{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol"	"Skype Technologies S.A."	C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
 	      	{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"			File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
 	      	{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files"			File not found | COM-object registry key not found
 	||||||	{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"	"Igor Pavlov"	C:\Program Files\7-Zip\7-zip.dll	File exists
 	      	{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder"			File not found | COM-object registry key not found
 	      	{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder"			File not found | COM-object registry key not found
 	      	{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder"			File not found | COM-object registry key not found
 	||||||	{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class"	"Illustrate"	C:\Program Files\Illustrate\dBpoweramp\dMCShell.dll	File exists
 	      	{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band"			File not found | COM-object registry key not found
 	      	{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"			File not found | COM-object registry key not found
 	||||||	{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu"		C:\NEUEPR~1\IZArc\IZArcCM.dll	File found, but it contains no detailed information
 	||||||	{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu"		C:\NEUEPR~1\IZArc\IZArcCM.dll	File found, but it contains no detailed information
 	      	{00020d75-0000-0000-c000-000000000046} "lnkfile"			File not found | COM-object registry key not found
 	||||||	{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler"	"Microsoft Corporation"	C:\Program Files\Microsoft Office\Office12\msohevi.dll	File exists
 	||||||	{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	File exists
 	||||||	{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"	"Microsoft Corporation"	C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL	File exists
 	||||||	{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"	"Microsoft Corporation"	C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll	File exists
 	      	{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler"			File not found | COM-object registry key not found
 	      	{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler"			File not found | COM-object registry key not found
 	||||||	{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class"	"RealNetworks, Inc."	C:\Neue Programme\RealPlayer\rpshell.dll	File exists
 	      	{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder"			File not found | COM-object registry key not found
 	      	{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder"			File not found | COM-object registry key not found
 	||||||	{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"	"Avira GmbH"	C:\Program Files\Antivir\Avira\AntiVir Desktop\shlext.dll	File exists
 	||||||	{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class"	"Advanced Micro Devices, Inc."	C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll	File exists
 	||||||	{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension"	"TuneUp Software GmbH"	C:\Neue Programme\TuneUpUtilities\SDShelEx-win32.dll	File exists
 	||||||	{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension"	"TuneUp Software GmbH"	C:\Windows\System32\uxtuneup.dll	File exists
 	||||||	{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class"	"EZB Systems, Inc."	C:\Neue Programme\Ultraiso\UltraISO\isoshell.dll	File exists
 	||||||	{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu (Add) Extension"	"e-merge GmbH"	C:\Neue Programme\Winace\arcext.dll	File exists
 	||||||	{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu Extension"	"e-merge GmbH"	C:\Neue Programme\Winace\arcext.dll	File exists
 	||||||	{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAceDrag-Drop Extension"	"e-merge GmbH"	C:\Neue Programme\Winace\arcext.dll	File exists
 	||||||	{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAceProperty Sheet Extension"	"e-merge GmbH"	C:\Neue Programme\Winace\arcext.dll	File exists
 	      	{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service"			File not found | COM-object registry key not found
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
 	||||  	"Ask Toolbar"	"Ask.com"	C:\Program Files\AskBarDis\bar\bin\askBar.dll	File exists
 	      	ITBar7Height "ITBar7Height"			File not found | COM-object registry key not found
 	      	"ITBar7Layout"			File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
 	||||  	{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar"	"ICQ"	C:\Program Files\ICQ6Toolbar\ICQToolBar.dll	File exists
 	      	"{855F3B16-6D32-4fe6-8A56-BBB695989046}"			File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
 	||||||	{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control"
h**p://download.bitdefender.com/resources/scan8/oscan8.cab	"BitDefender"	C:\Windows\DOWNLO~1\oscan82.ocx	File exists
 	||    	{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class"
h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab	"NOS Microsystems Ltd."	C:\Windows\Downloaded Program Files\gp.ocx	File exists
 	||||  	{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03"
h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2iexp.dll	File exists
 	||||  	{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17"
h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2iexp.dll	File exists
 	||||  	{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2iexp.dll	File exists
 	||||  	{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17"
h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\npjpi160_17.dll	File exists
 	||||||	{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
h**ps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab	"Adobe Systems, Inc."	C:\Windows\system32\Macromed\Flash\Flash10d.ocx	File exists
 	||||  	{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool"
h**p://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab	"Microsoft Corporation"	C:\Windows\system32\LegitCheckControl.DLL	File exists
 	      	{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}"
h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab			File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
 	      	{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur"	"Kaspersky Lab"	C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll	File exists
 	      	"Amazon.de"		H**p://*w.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home	HTTP value
 	||||  	{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden"	"Microsoft Corporation"	C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll	File exists
 	||||||	{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension"	"Safer Networking Limited"	C:\NEUEPR~1\Spybot\SPYBOT~1\SDHelper.dll	File exists
 	      	"eBay - Der weltweite Online Marktplatz"		H**p://rover.ebay.com/rover/1/707-44556-9400-3/4	HTTP value
 	||||||	"Exec"		C:\Windows\bdoscandel.exe	File found, but it contains no detailed information
 	||||  	"ICQ6"	"ICQ, LLC."	C:\Neue Programme\ICQ6.5\ICQ.exe	File exists
 	      	{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen"	"Kaspersky Lab"	C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll	File exists
 	||||  	{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research"	"Microsoft Corporation"	C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL	File exists
 	||||  	{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer"	"Skype Technologies S.A."	C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
 	||||  	"Ask Toolbar"	"Ask.com"	C:\Program Files\AskBarDis\bar\bin\askBar.dll	File exists
 	||||  	{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar"	"ICQ"	C:\Program Files\ICQ6Toolbar\ICQToolBar.dll	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 	||||||	{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader"	"Adobe Systems Incorporated"	C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll	File exists
 	||||  	{201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO"	"Ask.com"	C:\Program Files\AskBarDis\bar\bin\askBar.dll	File exists
 	      	{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class"	"Kaspersky Lab"	C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll	File exists
 	      	{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class"	"Kaspersky Lab"	C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll	File exists
 	||||  	{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"	"Sun Microsystems, Inc."	C:\Program Files\Java\jre6\bin\jp2ssv.dll	File exists
 	||||  	{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer"	"Skype Technologies S.A."	C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll	File exists
 	||||||	{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection"	"Safer Networking Limited"	C:\NEUEPR~1\Spybot\SPYBOT~1\SDHelper.dll	File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
 	||||||	"desktop.ini"		C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
 	||||||	"desktop.ini"		C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	File exists
 	||||  	"Magic-i Visual Effects.lnk"	"ArcSoft, Inc."	C:\Neue Programme\Hama Webcam\Magic-i Visual Effects\Magic-i Visual Effects.exe	Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 	||||||	"SpybotSD TeaTimer"	"Safer-Networking Ltd."	C:\Neue Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe	File exists
 	||||  	"TOSCDSPD"	"TOSHIBA"	C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe	File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
 	      	"StartupPrograms"		rdpclip	File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 	||||||	"00TCrdMain"	"TOSHIBA Corporation"	%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe	File exists
 	||||  	"Adobe Reader Speed Launcher"	"Adobe Systems Incorporated"	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"	File exists
 	||||  	"ArcSoft Connection Service"	"ArcSoft Inc."	C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe	File exists
 	||||||	"avgnt"	"Avira GmbH"	"C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe" /min	File exists
 	||||||	"AVP"	"Kaspersky Lab"	"C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe"	File exists
 	      	"FreePDF Assistant"	"shbox.de"	C:\Program Files\FreePDF_XP\fpassist.exe	File exists
 	      	"NDSTray.exe"		NDSTray.exe	File not found
 	||||  	"SmoothView"	"TOSHIBA Corporation"	%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe	File exists
 	||||  	"StartCCC"	"Advanced Micro Devices, Inc."	"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun	File exists
 	||||  	"SunJavaUpdateSched"	"Sun Microsystems, Inc."	"C:\Program Files\Java\jre6\bin\jusched.exe"	File exists
 	||||  	"TkBellExe"	"RealNetworks, Inc."	"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot	File exists
 	||||  	"topi"	"TOSHIBA"	C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup	File exists
 	||||||	"TPwrMain"	"TOSHIBA Corporation"	%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE	File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
 	||||||	"Redirected Port"		C:\Windows\system32\redmonnt.dll	File found, but it contains no detailed information
 	||||||	"Send To Microsoft OneNote Monitor"	"Microsoft Corporation"	C:\Windows\system32\msonpmon.dll	File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
 	||||||	"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag)	"TuneUp Software GmbH"	C:\Windows\System32\TuneUpDefragService.exe	File exists
 	||||||	"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp)	"TuneUp Software GmbH"	C:\Windows\System32\uxtuneup.dll	File exists
 	||||||	"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper)	"NOS Microsystems Ltd."	C:\Program Files\NOS\bin\getPlus_Helper.dll	File exists
 	||||||	"ArcSoft Connect Daemon" (ACDaemon)	"ArcSoft Inc."	C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe	File exists
 	||    	"ASKService" (ASKService)		C:\Program Files\AskBarDis\bar\bin\AskService.exe	File found, but it contains no detailed information
 	||    	"ASKUpgrade" (ASKUpgrade)		C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe	File found, but it contains no detailed information
 	||||||	"Avira AntiVir Guard" (AntiVirService)	"Avira GmbH"	C:\Program Files\Antivir\Avira\AntiVir Desktop\avguard.exe	File exists
 	||||||	"Avira AntiVir Planer" (AntiVirSchedulerService)	"Avira GmbH"	C:\Program Files\Antivir\Avira\AntiVir Desktop\sched.exe	File exists
 	||||||	"ConfigFree Service" (ConfigFree Service)	"TOSHIBA CORPORATION"	C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe	File exists
 	||||||	"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance)	"MAGIX®"	C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe	File exists
 	||||  	"Google Update Service (gupdate)" (gupdate)	"Google Inc."	C:\Program Files\Google\Update\GoogleUpdate.exe	File exists
 	||||  	"Google Updater Service" (gusvc)	"Google"	C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe	File exists
 	||||||	"Kaspersky Security Suite CBE 10" (AVP)	"Kaspersky Lab"	C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe	File exists
 	||||||	"Microsoft Office Diagnostics Service" (odserv)	"Microsoft Corporation"	C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE	File exists
 	||||||	"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0)	"Nero AG"	C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe	File exists
 	||||||	"NMSAccessU" (NMSAccessU)		C:\Neue Programme\CDBurnerXP\NMSAccessU.exe	File found, but it contains no detailed information
 	||||||	"Office Source Engine" (ose)	"Microsoft Corporation"	C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	File exists
 	      	"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service)		C:\Windows\system32\IoctlSvc.exe	File not found
 	||||||	"SBSD Security Center Service" (SBSDWSCService)	"Safer Networking Ltd."	C:\Neue Programme\Spybot\Spybot - Search & Destroy\SDWinSec.exe	File exists
 	||||||	"TOSHIBA Navi Support Service" (TNaviSrv)	"TOSHIBA Corporation"	C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe	File exists
 	||||||	"TOSHIBA Optical Disc Drive Service" (TODDSrv)	"TOSHIBA Corporation"	C:\Windows\system32\TODDSrv.exe	File exists
 	||||||	"TOSHIBA Power Saver" (TosCoSrv)	"TOSHIBA Corporation"	c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe	File exists
 	||||||	"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service)	"TOSHIBA Corporation"	c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe	File exists
 	||||||	"Ulead Burning Helper" (UleadBurningHelper)	"Ulead Systems, Inc."	C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe	File exists
Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
 	      	"klogon"	"Kaspersky Lab"	C:\Windows\system32\klogon.dll	File exists
         
Here is the result from Bootkit:

Size : 232 Gb
Device: \\.\PhysicalDrive0
MBR Status: OK <DOS/Win32 Boot code found>

Edit:

The log can only be posted in an ugly way. If it isn't readable I'll have to post it again.
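What a helper actually does with an OSAM report like the one above is a short triage pass over the entry lines: AppInit_DLLs (loaded into every user-mode process), orphaned entries whose file is gone, drivers and autostarts without a publisher or version information, and anything that runs from a temp directory. The following is an added example, not part of the thread and not code from OSAM: it parses the tab-separated entry lines of an "Autorun Manager" report and returns the entries worth a second look. The report excerpt is constructed from lines in the post above; the "no detailed information", "\Temp\" and missing-publisher heuristics are this example's own assumptions, not rules from the tool.

```python
"""Triage of an OSAM autorun report. Added example, not OSAM's own code."""
import re


def _row(risk, name, publisher, path, status):
    # OSAM entry lines: empty column, risk bars, "name", "publisher", path, status
    return " \t%s\t%s\t%s\t%s\t%s" % (risk, name, publisher, path, status)


# Constructed excerpt, built from lines of the report posted above.
SAMPLE_REPORT = "\n".join([
    "AppInit DLLs",
    r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows",
    _row("      ", '"AppInit_DLLs"', '"Kaspersky Lab"',
         r"C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll", "File exists"),
    "Drivers",
    r"HKLM\SYSTEM\CurrentControlSet\Services",
    _row("      ", '"ALSysIO" (ALSysIO)', "",
         r"C:\Users\**\AppData\Local\Temp\ALSysIO.sys", "File not found"),
    _row("||||||", '"avgio" (avgio)', '"Avira GmbH"',
         r"C:\Program Files\Antivir\Avira\AntiVir Desktop\avgio.sys", "File exists"),
    _row("||||||", '"enodpl" (enodpl)', "",
         r"C:\Windows\System32\drivers\enodpl.sys",
         "File found, but it contains no detailed information"),
    "Logon",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    _row("      ", '"NDSTray.exe"', "", "NDSTray.exe", "File not found"),
    _row("||||||", '"avgnt"', '"Avira GmbH"',
         r'"C:\Program Files\Antivir\Avira\AntiVir Desktop\avgnt.exe" /min', "File exists"),
])


def parse_osam(text: str) -> list:
    """Return one dict per entry line, tagged with its section and registry location."""
    entries, section, location = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if "\t" not in line:                      # section or location header
            if line.startswith(("HKLM", "HKCU", "HKU", "%")):
                location = line
            else:
                section, location = line, None
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue                              # wrapped URL lines etc.
        _, risk, name, publisher, path, status = fields[:6]
        m = re.search(r'"([^"]*)"', name)        # display name is the quoted part
        entries.append({
            "section": section, "location": location,
            "risk": risk.strip(),
            "name": m.group(1) if m else name.strip(),
            "publisher": publisher.strip().strip('"'),
            "path": path.strip(),
            "status": status.strip(),
        })
    return entries


def triage(entries: list) -> list:
    """Return (name, [reasons]) for every entry worth a second look (heuristics assumed)."""
    findings = []
    for e in entries:
        reasons = []
        if e["section"] == "AppInit DLLs":
            reasons.append("AppInit_DLLs is loaded into every user-mode process; confirm the publisher")
        if "File not found" in e["status"]:
            reasons.append("orphaned autostart: referenced file is missing")
        if not e["publisher"] and "no detailed information" in e["status"]:
            reasons.append("no publisher or version information")
        if e["section"] == "Drivers" and not e["publisher"]:
            reasons.append("kernel driver without a publisher")
        if "\\temp\\" in e["path"].lower():
            reasons.append("runs from a temp directory")
        if reasons:
            findings.append((e["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_osam(SAMPLE_REPORT)):
        print(name, "->", "; ".join(reasons))
```

An orphaned driver entry pointing into a Temp directory (the ALSysIO.sys line in the report above) is usually the residue of a system tool that registered a driver and was then deleted, not an infection, but it is exactly the kind of entry worth checking because a dropper that has already removed its file looks the same.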

Alt 22.08.2010, 18:41   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
