Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.10.2010, 17:18   #1
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hallo liebes Forum,

nach langer Zeit muss ich mich (leider - nicht falsch verstehen) mal wieder hier melden.
Vorab, das betreffend System ist nicht von mir, ich bin glücklicherweise seit geraumer Zeit viren- und trojanerfrei und habe auch vor, es zu bleiben.

Gestern nachmittag hat mich ein Freund angerufen und mir erzählt, dass in unregelmäßigen Abständen von 5-20 Minuten andauernd Internet Explorer Popups aufgingen. Das kam ihm spanisch vor, zumal sein Standardbrowser Firefox ist.
Also führte er einen Komplett-Scan mit Avira Antivir durch, der jedoch keinen Virus oder Ähnliches fand. Bemerkenswert: Am Ende des Scanns kann man bei Avira ja auf den Button "Report" klicken. Als mein Freund dies tat, geschah einfach nichts - keine Fehlermeldung, garnichts.
Als er daraufhin Antivir per Doppelklick in der Taskleiste rechts unten öffnen wollte, kam die Nachricht: onDblClick() failed.
Startete er das Programm normal über Arbeitsplatz-> C-> Programme usw., startet es einwandfrei.

Aus diesem Grund führte er einen Komplettscan mit Malwarebytes durch,
den ich der Übersicht halber in einen Code packe :
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4952

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.10.2010 17:56:23
mbam-log-2010-10-26 (17-56-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 257986
Laufzeit: 1 Stunde(n), 14 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
C:\WINDOWS\Nsojua.exe (Rootkit.TDSS) -> Unloaded process successfully.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqm.exe (Rootkit.TDSS) -> Unloaded process successfully.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nql.exe (Rootkit.TDSS) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Rootkit.TDSS) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Nsojua.exe (Rootkit.TDSS) -> Delete on reboot.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqm.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
d:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nql.exe (Rootkit.TDSS) -> Delete on reboot.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\iCHkuypo.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqj.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nqk.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Pic7BFOK.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{0E312F60-82BF-4D0D-B314-38829684461D}\RP67\A0023359.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         
Die betroffenen Stellen ließ er natürlich, wie von MBAM vorgeschlagen, beim nächsten Reboot löschen.
Als er daraufhin erneut mit Avira und MBAM scannte, wurde nichts mehr gefunden.
Schön und gut - aber zu früh gefreut!
Heute rief er mich erneut an und berichtete, dass zwar die ominösen Popups aufgehört haben, er Antivir aber immernoch nicht per Doppelklick starten kann und nun folgendes Problem besteht:

Er hat ca. 15-20 Computerspiele installiert.
Davon kann er nurnoch eine handvoll starten (zufälligerweise alles ältere Spiele wie z.B. Titan Quest oder Stronghold Crusader), bei allen anderen wie z.B. Oblivion kommt die Nachricht:

"Auf das angegebene Gerät bzw. Pfad oder Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können"

Der zunächst geäußerte Verdacht, es könnt an Windows 7 oder ähnlichem liegen, zerstreute sich schnell, ist er doch begeisterter User von Windows XP (natürlich SP3 installiert ).

Nun stellt sich natürlich die Frage:
Ist das System immernoch verseucht?
Und falls ja, muss es neu aufgesetzt werden?

Anbei noch der HJT-Log:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:09, on 27.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\LogMeIn Hamachi\hamachi-2.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.google.de/
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE7] rundll32 advpack.dll,LaunchINFSection IE7.inf,FirstUserStart (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Als HTML speichern - C:\Programme\SmarThru Office\WebCapture.dll1.htm
O8 - Extra context menu item: Auswahl erfassen - C:\Programme\SmarThru Office\WebCapture.dll2.htm
O8 - Extra context menu item: Capture Selection - C:\Programme\SmarThru Office\WebCapture.dll2.htm
O8 - Extra context menu item: Markierten Text speichern - C:\Programme\SmarThru Office\WebCapture.dll.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save as HTML - C:\Programme\SmarThru Office\WebCapture.dll1.htm
O8 - Extra context menu item: Save Selected Text - C:\Programme\SmarThru Office\WebCapture.dll.htm
O8 - Extra context menu item: Web Capture - C:\Programme\SmarThru Office\WebCapture.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Web Capture - {7BDBFB9E-FD6E-43c2-937A-5C9F33FEBE5F} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: Web Capture - {7BDBFB9E-FD6E-43c2-937A-5C9F33FEBE5F} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O9 - Extra button: Auswahl erfassen - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: Auswahl erfassen - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O9 - Extra button: Markierten Text speichern - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: Markierten Text speichern - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O9 - Extra button: Als HTML speichern - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: Als HTML speichern - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Programme\SmarThru Office\WebCapture.dll (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281355840328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 21378 bytes
         

Ich bedanke mich schonmal recht herzlich für Eure Hilfe.
Vielleicht ist ja doch noch etwas zu retten.

Alt 28.10.2010, 07:33   #2
Chris4You
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hi,

HJ sieht eigentlich gut aus...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris
__________________

__________________

Alt 28.10.2010, 16:36   #3
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hallo,
habe alles abgearbeitet.
So wie ich das sehe, scheint alles in Ordnung zu sein??
Egal, ihr seid die Experten:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.10.2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = d:\Dokumente und Einstellungen\Konstantin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,12 Gb Total Space | 12,55 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 144,46 Gb Free Space | 93,35% Space Free | Partition Type: NTFS
 
Computer Name: SCARTO | User Name: Konstantin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Temp\IadHide5.dll (BackWeb)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva248) -- C:\WINDOWS\System32\XDva248.sys File not found
DRV - (SSPORT) -- C:\WINDOWS\System32\Drivers\SSPORT.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/Start/tid/101"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 11:10:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.21 11:10:37 | 000,000,000 | ---D | M]
 
[2008.10.14 13:18:37 | 000,000,000 | ---D | M] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Extensions
[2010.10.27 16:25:30 | 000,000,000 | ---D | M] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions
[2010.05.07 14:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.26 13:44:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.05.03 10:53:55 | 000,000,000 | ---D | M] (Media Converter) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.08.19 16:06:03 | 000,000,000 | ---D | M] (Adblock Plus) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.21 13:56:24 | 000,000,000 | ---D | M] (Greasemonkey) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.27 16:25:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.11 10:39:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.17 19:09:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.17 19:09:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.17 19:09:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.17 19:09:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.17 19:09:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.30 09:58:51 | 000,381,108 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 13126 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - Startup: d:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: d:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Als HTML speichern - C:\Programme\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Auswahl erfassen - C:\Programme\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: Capture Selection - C:\Programme\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: Markierten Text speichern - C:\Programme\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Save as HTML - C:\Programme\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Save Selected Text - C:\Programme\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Web Capture - C:\Programme\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281355840328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bw+0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.13 15:56:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell - "" = AutoRun
O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.28 17:31:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe
[2010.10.27 17:18:59 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Neuer Ordner
[2010.10.26 18:02:42 | 000,000,000 | RH-D | C] -- d:\Dokumente und Einstellungen\Konstantin\Recent
[2010.10.21 11:10:49 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Sonstiges
[2010.10.15 10:36:42 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.15 10:36:42 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.10.15 10:36:42 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.15 10:36:32 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.11 10:44:24 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\skypePM
[2010.10.11 10:39:51 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Skype
[2010.10.11 10:39:24 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.10.11 10:39:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.10.11 10:39:18 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.28 17:33:41 | 001,207,026 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip
[2010.10.28 17:31:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe
[2010.10.28 17:26:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.28 15:52:29 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010.10.27 16:54:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.10.22 11:48:00 | 000,000,107 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\default.pls
[2010.10.22 11:47:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.19 14:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.15 20:17:03 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.11 10:44:24 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.08 12:02:46 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.08 12:02:46 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.08 12:02:46 | 000,084,512 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.08 12:02:46 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.28 17:33:26 | 001,207,026 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip
[2010.10.11 10:44:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.03.21 18:29:34 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.03.21 18:29:33 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.10.03 14:49:23 | 000,007,168 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.13 16:56:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.04.09 13:59:47 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.01.01 15:23:33 | 000,000,143 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.12.25 13:53:59 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008.10.24 15:42:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\STOFaxPort.dll
[2008.10.22 16:59:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.10.15 10:50:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.14 11:44:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008.10.14 11:44:56 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008.10.14 11:44:12 | 000,950,585 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2008.10.14 11:42:39 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008.10.14 11:42:39 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sss1ml3.dll
[2008.10.14 11:40:40 | 000,265,216 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008.10.14 11:40:40 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2008.10.14 11:40:40 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
[2008.10.14 11:40:40 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2008.10.14 11:40:40 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2008.10.14 11:36:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008.10.14 11:28:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.10.13 16:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.13 16:00:11 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.12.05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.12.05 01:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.12.05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.12.05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002.08.29 14:00:00 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.10.2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = d:\Dokumente und Einstellungen\Konstantin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,12 Gb Total Space | 12,55 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 144,46 Gb Free Space | 93,35% Space Free | Partition Type: NTFS
 
Computer Name: SCARTO | User Name: Konstantin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"E:\NeroExpress\Installation\Setupx.exe" = E:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- ()
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Sony\Station\Launchpad\LaunchPad.exe" = C:\Programme\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe" = C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:*:Enabled:Star Wars(TM): Battlefront(TM) -- ()
"C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" = C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando -- ()
"C:\Programme\Wacraft III\Warcraft 3\war3.exe" = C:\Programme\Wacraft III\Warcraft 3\war3.exe:*:Enabled:Warcraft III -- (BoR0)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" = C:\Programme\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Programme\Cyanide\Loki\Loki.exe" = C:\Programme\Cyanide\Loki\Loki.exe:*:Enabled:Loki -- (Cyanide)
"C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe" = C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun -- (Cyanide)
"C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\THQ\Titan Quest\Titan Quest.exe" = C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A4D15AE-98E5-499A-BB31-79CCA153A84A}_is1" = RAFOO - Unterwasserwelt & Fische
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BAA9BA8-0761-42EF-842A-23FAA5321031}" = Nero 7 Essentials
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeFlashFiles" = Adobe Flash Player
"Arktwend - Das vergessene Reich_is1" = ArktwendUninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DXAddon" = DirectX 9.0c Zusatzdateien
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Finale NotePad 2008" = Finale NotePad 2008
"GameCenter" = GameCenter
"HijackThis" = HijackThis 2.0.2
"ie7" = Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Loki" = Loki
"Loki_is1" = Loki
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"NVIDIA Drivers" = NVIDIA Drivers
"Runtimes" = Allgemeine Runtime Dateien
"Samsung SCX-4x24 Series" = Samsung SCX-4x24 Series
"SmarThru Office PC Fax" = SmarThru Office PC Fax
"Steam App 440" = Team Fortress 2
"TQVault_is1" = TQVault 2.11
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.9
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2010 12:01:43 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung oblivion.exe, Version 1.2.0.416, fehlgeschlagenes
 Modul oblivion.exe, Version 1.2.0.416, Fehleradresse 0x00021390.
 
Error - 27.08.2010 14:20:32 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung assassinscreed_dx9.exe, Version 1.0.2.1,
 fehlgeschlagenes Modul assassinscreed_dx9.exe, Version 1.0.2.1, Fehleradresse 0x0042df49.
 
Error - 28.08.2010 08:31:47 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 6.5.0.2024, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.08.2010 09:04:54 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung game.dat, Version 1.0.2194.40862, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.09.2010 09:02:59 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
 Modul jscript.dll, Version 5.8.6001.22960, Fehleradresse 0x0001ede0.
 
Error - 16.10.2010 10:19:21 | Computer Name = SCARTO | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 22.10.2010 04:32:34 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
 
Error - 22.10.2010 04:35:11 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
 
Error - 27.10.2010 10:39:15 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Stronghold Crusader.exe, Version 1.0.0.1, 
Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.10.2010 11:57:05 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x000da3af.
 
[ System Events ]
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 08:03:03 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.10.2010 11:26:50 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 11:26:51 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.10.2010 11:26:57 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
 
< End of report >
         
--- --- ---


Code:
ATTFilter
2010/10/28 17:35:07.0500	TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 17:35:07.0500	================================================================================
2010/10/28 17:35:07.0500	SystemInfo:
2010/10/28 17:35:07.0500	
2010/10/28 17:35:07.0500	OS Version: 5.1.2600 ServicePack: 3.0
2010/10/28 17:35:07.0500	Product type: Workstation
2010/10/28 17:35:07.0500	ComputerName: SCARTO
2010/10/28 17:35:07.0500	UserName: Konstantin
2010/10/28 17:35:07.0500	Windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500	System windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500	Processor architecture: Intel x86
2010/10/28 17:35:07.0500	Number of processors: 2
2010/10/28 17:35:07.0500	Page size: 0x1000
2010/10/28 17:35:07.0500	Boot type: Normal boot
2010/10/28 17:35:07.0500	================================================================================
2010/10/28 17:35:07.0828	Initialize success
2010/10/28 17:35:19.0062	================================================================================
2010/10/28 17:35:19.0062	Scan started
2010/10/28 17:35:19.0062	Mode: Manual; 
2010/10/28 17:35:19.0062	================================================================================
2010/10/28 17:35:19.0390	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/28 17:35:19.0421	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/28 17:35:19.0484	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/28 17:35:19.0531	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/28 17:35:19.0734	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/28 17:35:19.0796	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/28 17:35:19.0859	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2010/10/28 17:35:19.0906	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/28 17:35:19.0937	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/28 17:35:20.0000	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2010/10/28 17:35:20.0078	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/28 17:35:20.0109	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/28 17:35:20.0187	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/28 17:35:20.0218	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/28 17:35:20.0265	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/28 17:35:20.0312	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/28 17:35:20.0359	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/28 17:35:20.0484	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/10/28 17:35:20.0515	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/28 17:35:20.0562	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/28 17:35:20.0609	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/28 17:35:20.0640	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/28 17:35:20.0671	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/28 17:35:20.0703	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/28 17:35:20.0796	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/28 17:35:20.0828	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/28 17:35:20.0859	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/28 17:35:20.0890	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/28 17:35:20.0953	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/28 17:35:21.0000	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/28 17:35:21.0015	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/28 17:35:21.0062	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/28 17:35:21.0093	hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/28 17:35:21.0140	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/28 17:35:21.0187	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/28 17:35:21.0250	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/28 17:35:21.0343	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/28 17:35:21.0406	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/28 17:35:21.0562	IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/28 17:35:21.0640	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/28 17:35:21.0687	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/28 17:35:21.0703	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/28 17:35:21.0734	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/28 17:35:21.0750	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/28 17:35:21.0781	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/28 17:35:21.0843	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/28 17:35:21.0875	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/28 17:35:21.0921	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/28 17:35:21.0937	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/28 17:35:21.0968	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/28 17:35:22.0000	L8042Kbd        (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
2010/10/28 17:35:22.0031	L8042mou        (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
2010/10/28 17:35:22.0093	LHidKe          (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/10/28 17:35:22.0140	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2010/10/28 17:35:22.0171	LMouKE          (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\Drivers\LMouKE.sys
2010/10/28 17:35:22.0218	MBAMProtector   (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/10/28 17:35:22.0281	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/28 17:35:22.0312	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/28 17:35:22.0375	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/28 17:35:22.0390	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/28 17:35:22.0421	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/28 17:35:22.0468	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/28 17:35:22.0515	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/28 17:35:22.0531	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/28 17:35:22.0578	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/28 17:35:22.0625	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/28 17:35:22.0640	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/28 17:35:22.0671	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/28 17:35:22.0687	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/28 17:35:22.0718	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/28 17:35:22.0750	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/28 17:35:22.0781	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/28 17:35:22.0796	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/28 17:35:22.0812	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/28 17:35:22.0828	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/28 17:35:22.0843	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/28 17:35:22.0937	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/28 17:35:22.0968	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/28 17:35:23.0015	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/28 17:35:23.0203	nv              (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/28 17:35:23.0375	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/28 17:35:23.0375	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/28 17:35:23.0421	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/28 17:35:23.0468	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/28 17:35:23.0515	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/28 17:35:23.0546	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/28 17:35:23.0578	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/28 17:35:23.0625	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/28 17:35:23.0765	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/28 17:35:23.0781	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/28 17:35:23.0796	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/28 17:35:23.0828	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/28 17:35:23.0953	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/28 17:35:24.0000	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/28 17:35:24.0015	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/28 17:35:24.0062	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/28 17:35:24.0093	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/28 17:35:24.0125	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/28 17:35:24.0156	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/28 17:35:24.0187	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/28 17:35:24.0218	RTLE8023xp      (36ada62330c31ad314e4a26b815fc485) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/10/28 17:35:24.0265	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/28 17:35:24.0312	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/28 17:35:24.0343	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/28 17:35:24.0390	sfdrv01         (b659e4af7534e3516ddc0b820db8f910) C:\WINDOWS\system32\drivers\sfdrv01.sys
2010/10/28 17:35:24.0406	sfhlp02         (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
2010/10/28 17:35:24.0437	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/28 17:35:24.0484	sfsync02        (3fcb3fe43737b0ef6fe759fc0b886a69) C:\WINDOWS\system32\drivers\sfsync02.sys
2010/10/28 17:35:24.0531	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/28 17:35:24.0578	sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/28 17:35:24.0578	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/10/28 17:35:24.0593	sptd - detected Locked file (1)
2010/10/28 17:35:24.0609	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/28 17:35:24.0640	Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/28 17:35:24.0687	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/28 17:35:24.0734	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/28 17:35:24.0750	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/28 17:35:24.0812	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/28 17:35:24.0859	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/28 17:35:24.0906	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/28 17:35:24.0921	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/28 17:35:24.0953	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/28 17:35:25.0078	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/10/28 17:35:25.0171	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/28 17:35:25.0203	UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Programme\Unlocker\UnlockerDriver5.sys
2010/10/28 17:35:25.0250	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/28 17:35:25.0296	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/28 17:35:25.0312	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/28 17:35:25.0328	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/28 17:35:25.0359	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/28 17:35:25.0375	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/28 17:35:25.0421	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/28 17:35:25.0468	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/28 17:35:25.0500	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/28 17:35:25.0546	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/28 17:35:25.0625	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/28 17:35:25.0656	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/28 17:35:25.0703	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/28 17:35:25.0843	================================================================================
2010/10/28 17:35:25.0843	Scan finished
2010/10/28 17:35:25.0843	================================================================================
2010/10/28 17:35:25.0859	Detected object count: 1
2010/10/28 17:35:33.0406	Locked file(sptd) - User select action: Skip
         
__________________

Alt 28.10.2010, 16:36   #4
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hallo,
habe alles abgearbeitet.
So wie ich das sehe, scheint alles in Ordnung zu sein??
Egal, ihr seid die Experten:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.10.2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = d:\Dokumente und Einstellungen\Konstantin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,12 Gb Total Space | 12,55 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 144,46 Gb Free Space | 93,35% Space Free | Partition Type: NTFS
 
Computer Name: SCARTO | User Name: Konstantin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Temp\IadHide5.dll (BackWeb)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva248) -- C:\WINDOWS\System32\XDva248.sys File not found
DRV - (SSPORT) -- C:\WINDOWS\System32\Drivers\SSPORT.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/Start/tid/101"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 11:10:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.21 11:10:37 | 000,000,000 | ---D | M]
 
[2008.10.14 13:18:37 | 000,000,000 | ---D | M] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Extensions
[2010.10.27 16:25:30 | 000,000,000 | ---D | M] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions
[2010.05.07 14:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.26 13:44:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.05.03 10:53:55 | 000,000,000 | ---D | M] (Media Converter) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.08.19 16:06:03 | 000,000,000 | ---D | M] (Adblock Plus) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.21 13:56:24 | 000,000,000 | ---D | M] (Greasemonkey) -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Mozilla\Firefox\Profiles\2b0qd446.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.27 16:25:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.11 10:39:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.17 19:09:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.17 19:09:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.17 19:09:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.17 19:09:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.17 19:09:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.30 09:58:51 | 000,381,108 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 13126 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - Startup: d:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: d:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Als HTML speichern - C:\Programme\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Auswahl erfassen - C:\Programme\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: Capture Selection - C:\Programme\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: Markierten Text speichern - C:\Programme\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Save as HTML - C:\Programme\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Save Selected Text - C:\Programme\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Web Capture - C:\Programme\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281355840328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bw+0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {b2322029-1f2d-457e-93fa-761a43a120c7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {B2322029-1F2D-457E-93FA-761A43A120C7} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.13 15:56:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell - "" = AutoRun
O33 - MountPoints2\{0ddad734-1ed4-11df-bab2-0019dbcc4e28}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.28 17:31:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe
[2010.10.27 17:18:59 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Neuer Ordner
[2010.10.26 18:02:42 | 000,000,000 | RH-D | C] -- d:\Dokumente und Einstellungen\Konstantin\Recent
[2010.10.21 11:10:49 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Desktop\Sonstiges
[2010.10.15 10:36:42 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.15 10:36:42 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.10.15 10:36:42 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.15 10:36:32 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.11 10:44:24 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\skypePM
[2010.10.11 10:39:51 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\Konstantin\Anwendungsdaten\Skype
[2010.10.11 10:39:24 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.10.11 10:39:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.10.11 10:39:18 | 000,000,000 | ---D | C] -- d:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.28 17:33:41 | 001,207,026 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip
[2010.10.28 17:31:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- d:\Dokumente und Einstellungen\Konstantin\Desktop\OTL.exe
[2010.10.28 17:26:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.28 15:52:29 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010.10.27 16:54:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.10.22 11:48:00 | 000,000,107 | ---- | M] () -- d:\Dokumente und Einstellungen\Konstantin\default.pls
[2010.10.22 11:47:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.19 14:24:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.15 20:17:03 | 000,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.11 10:44:24 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.08 12:02:46 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.08 12:02:46 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.08 12:02:46 | 000,084,512 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.08 12:02:46 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.28 17:33:26 | 001,207,026 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Desktop\tdsskiller.zip
[2010.10.11 10:44:24 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.03.21 18:29:34 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.03.21 18:29:33 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.10.03 14:49:23 | 000,007,168 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.13 16:56:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.04.09 13:59:47 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.01.01 15:23:33 | 000,000,143 | ---- | C] () -- d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.12.25 13:53:59 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008.10.24 15:42:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\STOFaxPort.dll
[2008.10.22 16:59:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.10.15 10:50:40 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.14 11:44:58 | 000,000,116 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008.10.14 11:44:56 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008.10.14 11:44:12 | 000,950,585 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2008.10.14 11:42:39 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008.10.14 11:42:39 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sss1ml3.dll
[2008.10.14 11:40:40 | 000,265,216 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008.10.14 11:40:40 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2008.10.14 11:40:40 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\Ssuiext.dll
[2008.10.14 11:40:40 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2008.10.14 11:40:40 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2008.10.14 11:36:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008.10.14 11:28:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.10.13 16:49:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.13 16:00:11 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.12.05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.12.05 01:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.12.05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.12.05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002.08.29 14:00:00 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.10.2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = d:\Dokumente und Einstellungen\Konstantin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,12 Gb Total Space | 12,55 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 144,46 Gb Free Space | 93,35% Space Free | Partition Type: NTFS
 
Computer Name: SCARTO | User Name: Konstantin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"E:\NeroExpress\Installation\Setupx.exe" = E:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- ()
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x24\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Sony\Station\Launchpad\LaunchPad.exe" = C:\Programme\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad -- ()
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe" = C:\Programme\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:*:Enabled:Star Wars(TM): Battlefront(TM) -- ()
"C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\playa_da_pitbull\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe" = C:\Programme\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando -- ()
"C:\Programme\Wacraft III\Warcraft 3\war3.exe" = C:\Programme\Wacraft III\Warcraft 3\war3.exe:*:Enabled:Warcraft III -- (BoR0)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Programme\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" = C:\Programme\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\Programme\Cyanide\Loki\Loki.exe" = C:\Programme\Cyanide\Loki\Loki.exe:*:Enabled:Loki -- (Cyanide)
"C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe" = C:\Programme\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun -- (Cyanide)
"C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\zuck0r\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\anti_egoshooter_gamer\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe" = C:\Programme\Steam\SteamApps\brb_smoky\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\THQ\Titan Quest\Titan Quest.exe" = C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A4D15AE-98E5-499A-BB31-79CCA153A84A}_is1" = RAFOO - Unterwasserwelt & Fische
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BAA9BA8-0761-42EF-842A-23FAA5321031}" = Nero 7 Essentials
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{913D0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software  1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeFlashFiles" = Adobe Flash Player
"Arktwend - Das vergessene Reich_is1" = ArktwendUninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DXAddon" = DirectX 9.0c Zusatzdateien
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Finale NotePad 2008" = Finale NotePad 2008
"GameCenter" = GameCenter
"HijackThis" = HijackThis 2.0.2
"ie7" = Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LogMeIn Hamachi" = LogMeIn Hamachi
"Loki" = Loki
"Loki_is1" = Loki
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"NVIDIA Drivers" = NVIDIA Drivers
"Runtimes" = Allgemeine Runtime Dateien
"Samsung SCX-4x24 Series" = Samsung SCX-4x24 Series
"SmarThru Office PC Fax" = SmarThru Office PC Fax
"Steam App 440" = Team Fortress 2
"TQVault_is1" = TQVault 2.11
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.9
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2010 12:01:43 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung oblivion.exe, Version 1.2.0.416, fehlgeschlagenes
 Modul oblivion.exe, Version 1.2.0.416, Fehleradresse 0x00021390.
 
Error - 27.08.2010 14:20:32 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung assassinscreed_dx9.exe, Version 1.0.2.1,
 fehlgeschlagenes Modul assassinscreed_dx9.exe, Version 1.0.2.1, Fehleradresse 0x0042df49.
 
Error - 28.08.2010 08:31:47 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 6.5.0.2024, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.08.2010 09:04:54 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung game.dat, Version 1.0.2194.40862, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.09.2010 09:02:59 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
 Modul jscript.dll, Version 5.8.6001.22960, Fehleradresse 0x0001ede0.
 
Error - 16.10.2010 10:19:21 | Computer Name = SCARTO | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 22.10.2010 04:32:34 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
 
Error - 22.10.2010 04:35:11 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung swrepubliccommando.exe, Version 0.0.0.0,
 fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6c707544.
 
Error - 27.10.2010 10:39:15 | Computer Name = SCARTO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Stronghold Crusader.exe, Version 1.0.0.1, 
Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 27.10.2010 11:57:05 | Computer Name = SCARTO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung icq.exe, Version 6.5.0.2024, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.18975, Fehleradresse 0x000da3af.
 
[ System Events ]
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 08:02:59 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 08:03:03 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 28.10.2010 08:03:04 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.10.2010 11:26:50 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 11:26:51 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 28.10.2010 11:26:53 | Computer Name = SCARTO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.10.2010 11:26:57 | Computer Name = SCARTO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
 
 
< End of report >
         
--- --- ---


Code:
ATTFilter
2010/10/28 17:35:07.0500	TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 17:35:07.0500	================================================================================
2010/10/28 17:35:07.0500	SystemInfo:
2010/10/28 17:35:07.0500	
2010/10/28 17:35:07.0500	OS Version: 5.1.2600 ServicePack: 3.0
2010/10/28 17:35:07.0500	Product type: Workstation
2010/10/28 17:35:07.0500	ComputerName: SCARTO
2010/10/28 17:35:07.0500	UserName: Konstantin
2010/10/28 17:35:07.0500	Windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500	System windows directory: C:\WINDOWS
2010/10/28 17:35:07.0500	Processor architecture: Intel x86
2010/10/28 17:35:07.0500	Number of processors: 2
2010/10/28 17:35:07.0500	Page size: 0x1000
2010/10/28 17:35:07.0500	Boot type: Normal boot
2010/10/28 17:35:07.0500	================================================================================
2010/10/28 17:35:07.0828	Initialize success
2010/10/28 17:35:19.0062	================================================================================
2010/10/28 17:35:19.0062	Scan started
2010/10/28 17:35:19.0062	Mode: Manual; 
2010/10/28 17:35:19.0062	================================================================================
2010/10/28 17:35:19.0390	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/28 17:35:19.0421	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/28 17:35:19.0484	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/28 17:35:19.0531	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/28 17:35:19.0734	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/28 17:35:19.0796	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/28 17:35:19.0859	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2010/10/28 17:35:19.0906	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/28 17:35:19.0937	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/28 17:35:20.0000	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2010/10/28 17:35:20.0078	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/28 17:35:20.0109	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/28 17:35:20.0187	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/28 17:35:20.0218	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/28 17:35:20.0265	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/28 17:35:20.0312	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/28 17:35:20.0359	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/28 17:35:20.0484	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/10/28 17:35:20.0515	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/28 17:35:20.0562	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/28 17:35:20.0609	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/28 17:35:20.0640	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/28 17:35:20.0671	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/28 17:35:20.0703	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/28 17:35:20.0796	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/28 17:35:20.0828	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/28 17:35:20.0859	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/28 17:35:20.0890	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/28 17:35:20.0953	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/28 17:35:21.0000	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/28 17:35:21.0015	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/28 17:35:21.0062	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/28 17:35:21.0093	hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/28 17:35:21.0140	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/28 17:35:21.0187	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/28 17:35:21.0250	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/28 17:35:21.0343	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/28 17:35:21.0406	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/28 17:35:21.0562	IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/28 17:35:21.0640	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/28 17:35:21.0687	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/28 17:35:21.0703	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/28 17:35:21.0734	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/28 17:35:21.0750	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/28 17:35:21.0781	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/28 17:35:21.0843	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/28 17:35:21.0875	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/28 17:35:21.0921	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/28 17:35:21.0937	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/28 17:35:21.0968	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/28 17:35:22.0000	L8042Kbd        (5a11400ea1f0a106fe7edb28c270f7b8) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
2010/10/28 17:35:22.0031	L8042mou        (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\Drivers\L8042mou.sys
2010/10/28 17:35:22.0093	LHidKe          (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/10/28 17:35:22.0140	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2010/10/28 17:35:22.0171	LMouKE          (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\Drivers\LMouKE.sys
2010/10/28 17:35:22.0218	MBAMProtector   (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
2010/10/28 17:35:22.0281	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/28 17:35:22.0312	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/28 17:35:22.0375	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/28 17:35:22.0390	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/28 17:35:22.0421	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/28 17:35:22.0468	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/28 17:35:22.0515	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/28 17:35:22.0531	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/28 17:35:22.0578	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/28 17:35:22.0625	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/28 17:35:22.0640	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/28 17:35:22.0671	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/28 17:35:22.0687	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/28 17:35:22.0718	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/28 17:35:22.0750	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/28 17:35:22.0781	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/28 17:35:22.0796	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/28 17:35:22.0812	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/28 17:35:22.0828	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/28 17:35:22.0843	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/28 17:35:22.0937	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/28 17:35:22.0968	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/28 17:35:23.0015	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/28 17:35:23.0203	nv              (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/28 17:35:23.0375	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/28 17:35:23.0375	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/28 17:35:23.0421	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/28 17:35:23.0468	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/28 17:35:23.0515	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/28 17:35:23.0546	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/28 17:35:23.0578	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/28 17:35:23.0625	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/28 17:35:23.0765	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/28 17:35:23.0781	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/28 17:35:23.0796	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/28 17:35:23.0828	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/28 17:35:23.0953	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/28 17:35:24.0000	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/28 17:35:24.0015	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/28 17:35:24.0062	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/28 17:35:24.0093	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/28 17:35:24.0125	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/28 17:35:24.0156	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/28 17:35:24.0187	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/28 17:35:24.0218	RTLE8023xp      (36ada62330c31ad314e4a26b815fc485) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/10/28 17:35:24.0265	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/28 17:35:24.0312	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/28 17:35:24.0343	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/28 17:35:24.0390	sfdrv01         (b659e4af7534e3516ddc0b820db8f910) C:\WINDOWS\system32\drivers\sfdrv01.sys
2010/10/28 17:35:24.0406	sfhlp02         (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
2010/10/28 17:35:24.0437	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/28 17:35:24.0484	sfsync02        (3fcb3fe43737b0ef6fe759fc0b886a69) C:\WINDOWS\system32\drivers\sfsync02.sys
2010/10/28 17:35:24.0531	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/28 17:35:24.0578	sptd            (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/28 17:35:24.0578	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/10/28 17:35:24.0593	sptd - detected Locked file (1)
2010/10/28 17:35:24.0609	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/28 17:35:24.0640	Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/28 17:35:24.0687	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/28 17:35:24.0734	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/28 17:35:24.0750	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/28 17:35:24.0812	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/28 17:35:24.0859	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/28 17:35:24.0906	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/28 17:35:24.0921	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/28 17:35:24.0953	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/28 17:35:25.0078	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2010/10/28 17:35:25.0171	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/28 17:35:25.0203	UnlockerDriver5 (d0cb75386d9e89c864d808d64ec9160f) C:\Programme\Unlocker\UnlockerDriver5.sys
2010/10/28 17:35:25.0250	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/28 17:35:25.0296	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/28 17:35:25.0312	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/28 17:35:25.0328	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/28 17:35:25.0359	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/28 17:35:25.0375	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/28 17:35:25.0421	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/28 17:35:25.0468	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/28 17:35:25.0500	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/28 17:35:25.0546	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/28 17:35:25.0625	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/28 17:35:25.0656	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/28 17:35:25.0703	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/28 17:35:25.0843	================================================================================
2010/10/28 17:35:25.0843	Scan finished
2010/10/28 17:35:25.0843	================================================================================
2010/10/28 17:35:25.0859	Detected object count: 1
2010/10/28 17:35:33.0406	Locked file(sptd) - User select action: Skip
         

Alt 29.10.2010, 06:49   #5
Chris4You
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hi,

ja sieht soweit gut aus...


Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
d:\Dokumente und Einstellungen\Konstantin\Lokale Einstellungen\Temp\IadHide5.dlls
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 29.10.2010, 15:12   #6
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Code:
ATTFilter
File name:
IadHide5.dll
Submission date:
2010-10-29 14:10:09 (UTC)
Current status:
queued (#5) queued (#6) analysing finished
Result:
0/ 43 (0.0%)
	
VT Community

not reviewed
 Safety score: - 
Compact
Print results
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2010.10.29.00	2010.10.28	-
AntiVir	7.10.13.71	2010.10.29	-
Antiy-AVL	2.0.3.7	2010.10.29	-
Authentium	5.2.0.5	2010.10.29	-
Avast	4.8.1351.0	2010.10.29	-
Avast5	5.0.594.0	2010.10.29	-
AVG	9.0.0.851	2010.10.28	-
BitDefender	7.2	2010.10.29	-
CAT-QuickHeal	11.00	2010.10.26	-
ClamAV	0.96.2.0-git	2010.10.29	-
Comodo	6550	2010.10.29	-
DrWeb	5.0.2.03300	2010.10.29	-
Emsisoft	5.0.0.50	2010.10.29	-
eSafe	7.0.17.0	2010.10.28	-
eTrust-Vet	36.1.7942	2010.10.29	-
F-Prot	4.6.2.117	2010.10.29	-
F-Secure	9.0.16160.0	2010.10.29	-
Fortinet	4.2.249.0	2010.10.29	-
GData	21	2010.10.29	-
Ikarus	T3.1.1.90.0	2010.10.29	-
Jiangmin	13.0.900	2010.10.29	-
K7AntiVirus	9.67.2856	2010.10.28	-
Kaspersky	7.0.0.125	2010.10.29	-
McAfee	5.400.0.1158	2010.10.29	-
McAfee-GW-Edition	2010.1C	2010.10.29	-
Microsoft	1.6301	2010.10.29	-
NOD32	5575	2010.10.29	-
Norman	6.06.10	2010.10.29	-
nProtect	2010-10-29.01	2010.10.29	-
Panda	10.0.2.7	2010.10.29	-
PCTools	7.0.3.5	2010.10.29	-
Prevx	3.0	2010.10.29	-
Rising	22.71.03.02	2010.10.29	-
Sophos	4.59.0	2010.10.29	-
Sunbelt	7164	2010.10.29	-
SUPERAntiSpyware	4.40.0.1006	2010.10.29	-
Symantec	20101.2.0.161	2010.10.29	-
TheHacker	6.7.0.1.073	2010.10.29	-
TrendMicro	9.120.0.1004	2010.10.28	-
TrendMicro-HouseCall	9.120.0.1004	2010.10.29	-
VBA32	3.12.14.1	2010.10.29	-
ViRobot	2010.10.25.4110	2010.10.29	-
VirusBuster	12.70.11.0	2010.10.29	-
Additional information
Show all
MD5   : 65675bf408b12fdd5e73f0996f149778
SHA1  : 92f13914917013ea5ec0b3545d432c8ccc59e575
SHA256: f0660de91ac7819deecc447b8698c5d7986ac8c4617b2001cddac22ca441b5ef
ssdeep: 96:7jNTtLhG0iQHnEM8G/kkQdVXn/cyZvrYrw9Si11At1jjv9Kn0R1k8TcAedeK5OOC:5ZhGrQV
8v9MkQi01jD9u0zk85wpFERrF
File size : 24613 bytes
First seen: 2009-02-14 13:54:08
Last seen : 2010-10-29 14:10:09
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: BackWeb
copyright....: (c) 2004 BackWeb Technologies Ltd. All rights reserved.
product......: BackWeb IAdHide
description..: IAdHide
original name: IAdHide.dll
internal name: IAdHide
file version.: Version 7.2.0 (Build 137R)
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x10FB
timedatestamp....: 0x416BE197 (Tue Oct 12 13:52:23 2004)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBFC, 0x1000, 5.04, e58c50102fa32eca5c8d9d7ea711a5a1
.rdata, 0x2000, 0x530, 0x1000, 2.14, ff364a21a06b78e9018c3b8e440368fe
.data, 0x3000, 0x384, 0x1000, 0.72, e632f31c43d3fce218fde96560e3e331
.rsrc, 0x4000, 0x4A8, 0x1000, 1.18, 08d8954c2bcbf7da6a8e417bbaa016af
.reloc, 0x5000, 0x1FC, 0x1000, 1.08, 6639423accdb1a8e26808083640710e3

[[ 3 import(s) ]]
KERNEL32.dll: GetCommandLineA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, lstrcpynA, lstrlenA, DisableThreadLibraryCalls, CloseHandle, lstrcmpiA, GetTickCount, CreateEventA, GetModuleFileNameA, WaitForSingleObject, GlobalAddAtomA, GetCurrentProcessId, GlobalDeleteAtom, OpenEventA, GetLastError, SetEvent
USER32.dll: CallNextHookEx, UnhookWindowsHookEx, LoadStringA, SetWindowsHookExA, IsWindow, RegisterWindowMessageA, PostMessageA, wsprintfA
ADVAPI32.dll: SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey, RegQueryValueExA, RegOpenKeyExA

[[ 10 export(s) ]]
GetLastEventTime, GetNKeys, SetEventNow, StartTrapping, StopTrapping, VerifyTrapping, _MyCBTProc@12, _MyKeyboardProc@12, _MyMouseProc@12, __DllMainCRTStartup@12
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 4096
Comments:
CompanyName: BackWeb
EntryPoint: 0x10fb
FileDescription: IAdHide
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 24 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: Version 7.2.0 (Build 137R)
FileVersionNumber: 7.2.0.137
ImageVersion: 0.0
InitializedDataSize: 16384
InternalName: IAdHide
LanguageCode: English (U.S.)
LegalCopyright: 2004 BackWeb Technologies Ltd. All rights reserved.
LegalTrademarks:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: IAdHide.dll
PEType: PE32
PrivateBuild: 5
ProductName: BackWeb IAdHide
ProductVersion: Version 7.2.0 (Build 137R)
ProductVersionNumber: 7.2.0.137
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2004:10:12 15:52:23+02:00
UninitializedDataSize: 0

VT Community

0

    This file has never been reviewed by any VT Community member. Be the first one to comment on it!
         

Alt 29.10.2010, 15:16   #7
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Der GMER-Scan folgt, sobald er fertig ist.

Kann es vielleicht einfach sein,
dass der Virus/Trojaner/whatever einfach schon erfolgreich entfernt wurde,
aber irreparable Schäden am System zurückgelassen hat,
unter denen mein Freund jetzt zu leiden hat?


Ich habe keine Ahnung, ob sowas tatsächlich sein kann,
also bitte nicht lachen, sollte das eine doofe Frage sein.

Alt 29.10.2010, 18:58   #8
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



GMER-Scan:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-29 19:58:40
Windows 5.1.2600 Service Pack 3
Running: 63udnswk.exe; Driver: d:\DOKUME~1\KONSTA~1\LOKALE~1\Temp\kwtdypob.sys


---- System - GMER 1.0.15 ----

SSDT      BA6F569E                                                                                                             ZwCreateKey
SSDT      BA6F5694                                                                                                             ZwCreateThread
SSDT      BA6F56A3                                                                                                             ZwDeleteKey
SSDT      BA6F56AD                                                                                                             ZwDeleteValueKey
SSDT      spzc.sys                                                                                                             ZwEnumerateKey [0xB9EC6CA2]
SSDT      spzc.sys                                                                                                             ZwEnumerateValueKey [0xB9EC7030]
SSDT      BA6F56B2                                                                                                             ZwLoadKey
SSDT      spzc.sys                                                                                                             ZwOpenKey [0xB9EA80C0]
SSDT      BA6F5680                                                                                                             ZwOpenProcess
SSDT      BA6F5685                                                                                                             ZwOpenThread
SSDT      spzc.sys                                                                                                             ZwQueryKey [0xB9EC7108]
SSDT      spzc.sys                                                                                                             ZwQueryValueKey [0xB9EC6F88]
SSDT      BA6F56BC                                                                                                             ZwReplaceKey
SSDT      BA6F56B7                                                                                                             ZwRestoreKey
SSDT      BA6F56A8                                                                                                             ZwSetValueKey
SSDT      BA6F568F                                                                                                             ZwTerminateProcess

INT 0x73  ?                                                                                                                    89BE0BF8
INT 0x83  ?                                                                                                                    89D5EBF8
INT 0xB4  ?                                                                                                                    89BE0BF8

---- Kernel code sections - GMER 1.0.15 ----

?         spzc.sys                                                                                                             Das System kann die angegebene Datei nicht finden. !
.text     USBPORT.SYS!DllUnload                                                                                                B9C838AC 5 Bytes  JMP 89BE01D8 
.text     C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                             section is writeable [0xB94EF380, 0x346307, 0xE8000020]
.text     awc4lqra.SYS                                                                                                         B94A5386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text     awc4lqra.SYS                                                                                                         B94A53AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text     awc4lqra.SYS                                                                                                         B94A53C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text     awc4lqra.SYS                                                                                                         B94A53C9 1 Byte  [2E]
.text     awc4lqra.SYS                                                                                                         B94A53C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text     ...                                                                                                                  
.text     C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0xB6136300, 0x3B6D8, 0xE8000020]
.text     C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0xBA440300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text     C:\Programme\Mozilla Firefox\firefox.exe[2940] ntdll.dll!LdrLoadDll                                                  7C9263C3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                   [B9EA9040] spzc.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                           [B9EA913C] spzc.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [B9EA90BE] spzc.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [B9EA97FC] spzc.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [B9EA96D2] spzc.sys
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfAcquireSpinLock]                                                 4B8BDF8B
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!READ_PORT_UCHAR]                                                   8D3F0304
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KeGetCurrentIrql]                                                  CB033043
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfRaiseIrql]                                                       0673C13B
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfLowerIrql]                                                       C13B0003
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!HalGetInterruptVector]                                             8366FA72
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!HalTranslateBusAddress]                                            75000E7B
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KeStallExecutionProcessor]                                         0B7D80E3
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!KfReleaseSpinLock]                                                 307B8D00
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                           00AA840F
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!READ_PORT_USHORT]                                                  83660000
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          6A000E7A
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  C6647400
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[WMILIB.SYS!WmiSystemControl]                                               4F8B0200
IAT       \SystemRoot\System32\Drivers\awc4lqra.SYS[WMILIB.SYS!WmiCompleteRequest]                                             968D5140

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                               89D5D1F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{0C310733-63A5-4C93-B3F6-385CB8BC0E34}                                             8906B1F8
Device    \Driver\usbohci \Device\USBPDO-0                                                                                     89BCF1F8
Device    \Driver\usbehci \Device\USBPDO-1                                                                                     89C161F8
Device    \Driver\PCI_PNP1808 \Device\00000046                                                                                 spzc.sys
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                               89DCF1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                               89DCF1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                         89BAB1F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{B440808F-AC5F-4812-A82C-3583BA15074A}                                             8906B1F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                   [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5                                                                          [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                   [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                   [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                   [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10                                                                         [B9E21B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10                                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\Cdrom \Device\CdRom1                                                                                         89BAB1F8
Device    \Driver\sptd \Device\71706808                                                                                        spzc.sys
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              8906B1F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                     8906B1F8
Device    \Driver\usbohci \Device\USBFDO-0                                                                                     89BCF1F8
Device    \Driver\usbehci \Device\USBFDO-1                                                                                     89C161F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    890681F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          890681F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                     89DCF1F8
Device    \Driver\awc4lqra \Device\Scsi\awc4lqra1                                                                              89B251F8
Device    \Driver\awc4lqra \Device\Scsi\awc4lqra1                                                                              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \Driver\awc4lqra \Device\Scsi\awc4lqra1Port4Path0Target0Lun0                                                         89B251F8
Device    \Driver\awc4lqra \Device\Scsi\awc4lqra1Port4Path0Target0Lun0                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device    \FileSystem\Cdfs \Cdfs                                                                                               8993C500

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x05 0x46 0x41 0x62 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x54 0x47 0x51 0x4A ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x50 0x7B 0x8B 0xFF ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x55 0x9D 0x23 0xAD ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x05 0x46 0x41 0x62 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x54 0x47 0x51 0x4A ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x50 0x7B 0x8B 0xFF ...
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x55 0x9D 0x23 0xAD ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 30.10.2010, 15:02   #9
Chris4You
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hi,

daemontools und starforce kopierschutztreiber, da müssen wir erstma den defogger laufen lassen, und dann nochmal gmer...

Defogger
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick. Vista User: Bitte mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
  • DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).
Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort. Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

Malware pfuscht schon mal am Rechner rum, so dass "bleibende" Schäden zurückbleiben, auch wenn sie komplett entfert wurde...

Daher probieren wir das hier:
System Reparieren:
Lade Dir "Advanced Windowscare Professional" von folgender Adresse:
Advanced SystemCare Free Download Review for Windows XP/Vista/7 | IObit
Installieren auf Deutsch, Yahoo-Toolbar etc. abwählen.
Erstelle einen Systemwiederherstellungspunkt
(Start->Programme->Zubehör->Systemprogramme->Systemwiederherstellung->einen Wiederherstellungspunkt erstellen->weiter, Beschreibung ausdenken->Erstellen) oder lasse ihn automatisch erstellen.
Lasse dann das gesamte System scannen und Bereinigen sowie
Immunisieren.
Damit werden einige Einträge wieder gerade gebogen, die von
Trojaneren/Viren verbogen worden sind...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 31.10.2010, 13:40   #10
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hallo,
danke für deine Hilfe.
Mit Defogger ließ sich nur Daemon Tools, nicht aber Starforce deaktivieren..

GMER läuft zur Zeit noch.
Advances Windowscare Professional hat auch nicht die gewünschte Verbesserung gebracht.
Es hat zwar einige Sachen bereinigt, doch das Problem besteht weiterhin.

Also, nur, damit es nicht in Vergessenheit gerät, folgendes Problem besteht :P :

- etliche exe-Anwendungen, darunter TuneUp Utilities und viele Spiele lassen sich nicht starten, da angeblich nicht über die benötigten Rechte verfügt werden würden.
- bei Doppelklick auf das Antivir Icon erscheint: onDblclick() failed.


Danke

Alt 31.10.2010, 15:55   #11
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hier der erneute GMER-Scan.
Sieht eigentlich genauso aus wie der alte, hat Defogger überhaupt etwas bewirkt?

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-31 16:54:13
Windows 5.1.2600 Service Pack 3
Running: q4wd42t0.exe; Driver: d:\DOKUME~1\KONSTA~1\LOKALE~1\Temp\kwtdypob.sys


---- System - GMER 1.0.15 ----

SSDT    BA7C89AE                                                                                                             ZwCreateKey
SSDT    BA7C89A4                                                                                                             ZwCreateThread
SSDT    BA7C89B3                                                                                                             ZwDeleteKey
SSDT    BA7C89BD                                                                                                             ZwDeleteValueKey
SSDT    BA7C89C2                                                                                                             ZwLoadKey
SSDT    BA7C8990                                                                                                             ZwOpenProcess
SSDT    BA7C8995                                                                                                             ZwOpenThread
SSDT    BA7C89CC                                                                                                             ZwReplaceKey
SSDT    BA7C89C7                                                                                                             ZwRestoreKey
SSDT    BA7C89B8                                                                                                             ZwSetValueKey
SSDT    BA7C899F                                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text   C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                             section is writeable [0xB90F3380, 0x346307, 0xE8000020]
.text   C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0xB5A46300, 0x3B6D8, 0xE8000020]
.text   C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0xBA468300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text   C:\Programme\Mozilla Firefox\firefox.exe[1968] ntdll.dll!LdrLoadDll                                                  7C9263C3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device  \Driver\atapi \Device\Ide\IdePort0                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort1                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort2                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort3                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10                                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x05 0x46 0x41 0x62 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x54 0x47 0x51 0x4A ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x50 0x7B 0x8B 0xFF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x55 0x9D 0x23 0xAD ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x05 0x46 0x41 0x62 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x54 0x47 0x51 0x4A ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x50 0x7B 0x8B 0xFF ...
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x55 0x9D 0x23 0xAD ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 31.10.2010, 19:23   #12
Chris4You
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hi,

eigentlich hätte noch die sptd rausfliegen sollen...
Versuche mal die Rechte für eine Anwendung die nicht funktioniert zu übernehmen, wie folgt:
[url]http://www.winsupportforum.de/forum/faqs-facts-basics/13-besitz-von-dateien-und-ordnern-uebernehmen.html[url]

Berechtigung prüfen (ob Du noch Admin bist):
Zugriffs-Berechtigung prüfen:
Start->Ausführen->control userpasswords2

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 01.11.2010, 10:27   #13
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hallo,
das Register "Sicherheit" gibt es garnicht auszuwählen?

Führe ich control userpasswords2 aus,
kommt die Fehlermeldung:

rundll32.exe
"Auf das angegebene Gerät bzw. Pfad oder Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können"


Das ganze Fenster schließt sich nach ca. 5 Sekunden automatisch.
Also ist mein Freund garnicht mehr Admin???

Alt 01.11.2010, 19:21   #14
brbsmoky
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Habe es eben im abgesicherten Modus probiert,
auch da kann ich control userpasswords2 nicht ausführen.

Alt 02.11.2010, 06:42   #15
Chris4You
 
Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Standard

Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!



Hi,

das sieht nicht gut aus..
Hast Du ein Backup von dem Rechner?
Sonst würde ich jetzt mal die Daten sichern, und dann:

Backup der Registry erstellen mit ERUNT:

* Lade Dir ERUNT von folgender Adresse: Favorite Freeware
* Wähle die Installationsversion von ERUNT und installiere es auf deutsch
* Nach der Installation startet er gleich, alle Auswahlen so lassen
* Backup durchführen

Dann das hier runterladen und ausführen...
http://go.microsoft.com/?linkid=9646979

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!
antivir, antivir guard, avira, bho, blockiert, desktop, einstellungen, excel, fehlermeldung, firefox, frage, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, logfile, neu aufgesetzt, object, problem, programm, rundll, skype.exe, software, starten, system, virus, windows xp, ältere spiele



Ähnliche Themen: Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!


  1. Fund von Win32: Rootkit-Gen von Avast und Trojan.Downloader von Malwarebytes!
    Plagegeister aller Art und deren Bekämpfung - 22.04.2015 (15)
  2. Trojan Downloader: Win 32/Dofoil/U und PWS.Win32/Zbot.gen!Y auf PC gefunden
    Log-Analyse und Auswertung - 02.06.2013 (1)
  3. Rootkit, Bootkit, Rootkit.win32.tdss.ld4 - ich weiss nicht weiter..
    Log-Analyse und Auswertung - 18.03.2013 (1)
  4. Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden
    Log-Analyse und Auswertung - 23.12.2012 (14)
  5. Kaspersky gefunden Trojan-Downloader.JS.Expack.xw
    Log-Analyse und Auswertung - 30.07.2012 (1)
  6. Automatische Updates diverser Anwendungen sind blockiert
    Log-Analyse und Auswertung - 14.02.2012 (30)
  7. Trojan.Banker & Rootkit gefunden. Wie werde ich die 100%ig wieder los?
    Log-Analyse und Auswertung - 17.08.2011 (1)
  8. Trojan-Downloader.JS.Agent.gff kann nicht gefunden werden
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (1)
  9. Starforce? Rootkit Rootkit.TDSS! Bluescreens und Mbr laufend beschädigt!
    Plagegeister aller Art und deren Bekämpfung - 02.03.2011 (9)
  10. Firefox langsam, u.a. Trojan.Inject und Trojan.Downloader gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (15)
  11. Befall von Rootkit(TDSS.Gen), Trojan Fraudpack und Rogue Antivir
    Plagegeister aller Art und deren Bekämpfung - 29.06.2010 (8)
  12. Trojan.TDss!K - Packed.Win32.Tdss!IK - und wer weiß was noch alles!
    Plagegeister aller Art und deren Bekämpfung - 09.12.2009 (1)
  13. Trojan-Downloader.JS.Gumblar.a gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.05.2009 (0)
  14. Trojan.downloader gefunden, nach löschen sauber?
    Log-Analyse und Auswertung - 28.04.2009 (0)
  15. Rootkit RKIT/TDss.G.22 Backdoorprogramm BDS/TDSS.adb und Trojaner TR/Proxy.GHY
    Log-Analyse und Auswertung - 21.12.2008 (28)
  16. 'TR/Rootkit.Gen' [trojan] gefunden - HJT- Log
    Log-Analyse und Auswertung - 13.08.2008 (2)
  17. Trojan.Downloader.Zlob.cmx gefunden!!!!
    Plagegeister aller Art und deren Bekämpfung - 22.10.2007 (1)

Zum Thema Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! - Hallo liebes Forum, nach langer Zeit muss ich mich (leider - nicht falsch verstehen) mal wieder hier melden. Vorab, das betreffend System ist nicht von mir, ich bin glücklicherweise seit - Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert!...
Archiv
Du betrachtest: Rootkit.TDSS/ Trojan.Downloader gefunden - .exe-Anwendungen sind blockiert! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.