
Pests of all kinds and their removal: Virus 'EXP/Pidief.crk.2' [exploit] and 'TR/Spy.Gen' [trojan] found


02.02.2011, 14:40   #1
TanjaK
 



Hello,

yesterday I received several virus warnings, see subject. I then ran Avira, CCleaner and Malwarebytes. And just now HijackThis. The latter gave an error message, but in the end a complete file came out after all.

Two things are still sitting in quarantine (a somewhat older case that I somehow didn't notice at all, and one of the newer ones):
The newer one, which appeared after the CCleaner screen:
AcrC.683.tmp
and
process.exe (from 2009)

I then went to the file AcrC.683.tmp in Explorer,
deleted it and emptied the Recycle Bin.

I'm attaching the two files (HijackThis log and mbam log) and hope you can help me!

Many thanks!!!

Tanja

02.02.2011, 22:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Malwarebytes' Anti-Malware 1.36

Datenbank Version: 2108
Hopelessly outdated!! That's from the dawn of time!
We're at version 1.50.1 and signature version 56xx!! Please update to that version and then update the sigs manually afterwards, then run a FULL SCAN and post the log.

03.02.2011, 15:59   #3
TanjaK
 



Hello Arne,

thanks, I hope I did it right. Here it is:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5666

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

03.02.2011 15:23:30
mbam-log-2011-02-03 (15-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 305762
Laufzeit: 1 Stunde(n), 21 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\syscheckrt\syscheckrt.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.



Best regards,

Tanja.

03.02.2011, 19:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Are there any other logs from Malwarebytes? If so, please post all of them. You'll find them in the Logdateien (log files) tab in Malwarebytes.

04.02.2011, 12:14   #5
TanjaK
 



... There's only the logfile I made with the totally outdated version (see first post) and otherwise some from 2009. But you probably don't need those, do you? Is there anything else I can do?

Best regards,

Tanja


04.02.2011, 15:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you'll find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

04.02.2011, 17:08   #7
TanjaK
 



OK, here they are. Best regards, Tanja.

OTL Logfile:
Code:
OTL Extras logfile created on: 04.02.2011 16:44:47 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Tanja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 15,03 Gb Free Space | 20,17% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 69,24 Gb Free Space | 94,77% Space Free | Partition Type: NTFS
Drive F: | 4,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TANJA-PC | User Name: Tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0E7D48-CD8D-4E34-B88F-FF01FF5112EA}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{1EC1E9E1-E95F-4953-A8E8-68A262F53143}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{21C49E01-AF8A-44D5-B493-F13617A003CE}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{303E6F4A-F978-4B90-9C2F-46C8119DA507}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{38F3FD6A-A6C0-4CA9-9976-8632A266ED13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4BCC64ED-E087-46B0-B6C8-7E818223A812}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{680ABB69-77E8-4B50-961E-C20490EA40B2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{6DFB69A4-A305-4E43-9B45-46D5B12B3E24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{76979406-92D0-49CD-9381-3419E65B3C52}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{80CD0DF2-08C0-4FB6-830E-2F715BA3F39D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{908BC0A7-2ADE-4B06-8EBC-99C60AE7B304}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A5387EB0-2B86-4DC5-8988-600964CA6BB0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{B74B8DAE-8B2B-4082-877D-A757C4C928C1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{BA17AD06-EC79-4B53-983D-13891E82B15F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C1A115CA-C9C5-40D5-AF24-5A9438E5EC57}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avcenter.exe | 
"{DEF639CC-0260-4258-87CA-42D42592E3AC}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avcenter.exe | 
"{F1B4A485-349E-4E2D-9DD3-6B10EDC30DB0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{C4FEB3FF-059A-4282-ACC5-9752607E6576}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E76C35F5-E63B-43A8-BC40-F97DBC8BBDE1}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{31C377ED-F4ED-4B7C-8D56-4B0A34E8AD1E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{69FC2C70-2EF4-4438-97C4-ECFDC8EC9940}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{16899FB4-22B9-665D-5AD0-224457447195}" = Mozy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.2.2.1
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{44061C54-0775-4AE1-B433-79BCC6431817}" = WISO Mein Geld 2009 Professional
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{58C6D230-DD51-4356-9C32-4C7F1544E62F}" = WLAN Monitor
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7DE75E67-1666-4BC2-A778-7D1DEECD90E8}" = Langenscheidt Vokabeltrainer 2.0 Spanisch
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0015-0000-0000-074957833700}" = ABBYY Screenshot Reader
"{FE99485A-31B7-4DB2-ABCD-FF62BCC919F8}" = tradesignal standard edition
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Any Video Converter_is1" = Any Video Converter 2.7.2
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Citavi" = Citavi 2.5
"CopyTrans Suite" = CopyTrans Suite Remove Only
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FEXtraderProDEMO" = FEXtrader Pro DEMO
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Slideshow Maker D" = MAGIX Slideshow Maker 1.0.1.3 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"myphotobook" = myphotobook 3.1
"Picasa2" = Picasa 2
"Scan2PDF_is1" = Scan2PDF 1.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2011 07:47:06 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.02.2011 07:47:06 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.02.2011 10:26:31 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.02.2011 10:26:31 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.02.2011 13:13:26 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.02.2011 13:13:26 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2011 06:51:19 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2011 06:51:19 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2011 11:38:55 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2011 11:38:55 | Computer Name = Tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 15.11.2007 12:26:05 | Computer Name = Tanja-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 479
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 31.05.2010 17:20:21 | Computer Name = Tanja-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6866
 seconds with 2580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.02.2011 13:13:33 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.02.2011 13:13:33 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 03.02.2011 13:13:33 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2011 06:50:40 | Computer Name = Tanja-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
 001B9E495021 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 04.02.2011 06:50:57 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2011 06:50:57 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2011 06:50:57 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2011 11:38:42 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2011 11:38:42 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2011 11:38:42 | Computer Name = Tanja-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 04.02.2011 16:44:47 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Tanja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 15,03 Gb Free Space | 20,17% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 69,24 Gb Free Space | 94,77% Space Free | Partition Type: NTFS
Drive F: | 4,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TANJA-PC | User Name: Tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tanja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Mozy\MozyHomeEuropestat.exe (Mozy)
PRC - C:\Programme\Mozy\MozyHomeEuropebackup.exe (Mozy)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\ABBYY Screenshot Reader\ScreenshotReader.exe (ABBYY)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
PRC - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Programme\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\AccSys\accsvc.exe (AccSys GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tanja\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozyHomeEuropebackup) -- C:\Program Files\Mozy\MozyHomeEuropebackup.exe (Mozy)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ABBYY.Licensing.FineReader.ScreenshotReader.9.0) -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (AVG Anti-Spyware Guard) -- C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (ASLDRService) -- C:\Programme\ATK Hotkey\ASLDRSrv.exe ()
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (accsvc) -- C:\Programme\Common Files\AccSys\accsvc.exe (AccSys GmbH)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MozyHomeEuropeFilter) -- C:\Windows\System32\drivers\MozyHomeEurope.sys (Mozy, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AVG Anti-Spyware Driver) -- C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (AvgAsCln) -- C:\Windows\System32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.handelsblatt.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.23 07:41:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.04.30 10:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja\AppData\Roaming\mozilla\Extensions
[2008.04.30 10:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [ABBYY Screenshot Reader Retail] C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe (ABBYY)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ABBYY Screenshot Reader Retail] C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe (ABBYY)
O4 - HKCU..\Run: [EPSON Stylus D78 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tanja\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tanja\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ddfec3a-1683-11dd-8635-001d60f10c65}\Shell\AutoRun\command - "" = D:\InstallTomTomHOME.exe
O33 - MountPoints2\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{33177da1-3fa1-11dd-a462-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{33177da1-3fa1-11dd-a462-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{33177dae-3fa1-11dd-a462-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{33177dae-3fa1-11dd-a462-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{37212c67-4089-11dd-9c02-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{37212c67-4089-11dd-9c02-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
O33 - MountPoints2\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.04 16:42:50 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe
[2011.01.13 13:47:19 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.13 13:47:16 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009.11.11 17:06:39 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7638.dll
[2008.01.21 12:29:49 | 058,619,176 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.04 16:43:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe
[2011.02.04 16:38:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 16:38:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 16:38:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.04 16:38:12 | 2136,244,224 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.04 11:55:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B2030B6-5A18-4D1B-89BE-00A8BF40BD96}.job
[2011.01.26 21:15:06 | 000,001,356 | ---- | M] () -- C:\Users\Tanja\AppData\Local\d3d9caps.dat
[2011.01.26 19:12:05 | 000,004,136 | ---- | M] () -- C:\Windows\MozyHomeEurope.blk
[2011.01.26 19:12:05 | 000,001,508 | ---- | M] () -- C:\Windows\MozyHomeEurope.flt
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.03 21:51:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.02 12:37:51 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.10.05 13:17:55 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.10.05 12:02:31 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2009.09.17 07:57:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.25 11:48:00 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.01.07 16:13:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.12.08 13:51:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.15 20:06:43 | 000,001,646 | ---- | C] () -- C:\Users\Tanja\AppData\Roaming\FexTrader pro Errors.log
[2008.11.15 20:05:30 | 000,000,142 | ---- | C] () -- C:\Users\Tanja\AppData\Roaming\FEXtrader Update Errors.log
[2008.07.23 09:50:26 | 000,000,016 | -H-- | C] () -- C:\Users\Tanja\AppData\Local\mxfilerelatedcache.mxc2
[2008.07.23 09:50:25 | 000,000,016 | -H-- | C] () -- C:\Users\Tanja\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.02.14 14:40:47 | 000,013,824 | ---- | C] () -- C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.01.02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.11.19 22:32:04 | 000,001,356 | ---- | C] () -- C:\Users\Tanja\AppData\Local\d3d9caps.dat
[2007.09.30 12:47:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.08.13 13:20:38 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.08.13 12:52:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.08.13 12:52:05 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.08.13 12:52:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.08.13 12:52:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.08.13 12:52:05 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.08.13 12:52:05 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.08.13 12:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.08.13 12:30:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.08.13 12:30:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.08.13 12:30:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.08.13 12:30:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.08.13 11:06:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.13 11:06:09 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.13 11:06:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.01.26 00:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007.01.26 00:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >
         
--- --- ---

04.02.2011, 20:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ddfec3a-1683-11dd-8635-001d60f10c65}\Shell\AutoRun\command - "" = D:\InstallTomTomHOME.exe
O33 - MountPoints2\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{33177da1-3fa1-11dd-a462-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{33177da1-3fa1-11dd-a462-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{33177dae-3fa1-11dd-a462-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{33177dae-3fa1-11dd-a462-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{37212c67-4089-11dd-9c02-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{37212c67-4089-11dd-9c02-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
O33 - MountPoints2\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\Shell - "" = AutoRun
O33 - MountPoints2\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\VMC_PBStarter.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post logfiles in CODE tags

04.02.2011, 21:27   #9
TanjaK

Ok, done!

Here it is:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ddfec3a-1683-11dd-8635-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ddfec3a-1683-11dd-8635-001d60f10c65}\ not found.
File D:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25539c9f-3f89-11dd-b8c9-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25539ccd-3f89-11dd-b8c9-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33177da1-3fa1-11dd-a462-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33177da1-3fa1-11dd-a462-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33177da1-3fa1-11dd-a462-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33177da1-3fa1-11dd-a462-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33177dae-3fa1-11dd-a462-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33177dae-3fa1-11dd-a462-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33177dae-3fa1-11dd-a462-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33177dae-3fa1-11dd-a462-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37212c67-4089-11dd-9c02-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37212c67-4089-11dd-9c02-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37212c67-4089-11dd-9c02-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37212c67-4089-11dd-9c02-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52eaa5b4-414b-11dd-ac09-001d60f10c65}\ not found.
File D:\setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f793b50-3fa3-11dd-98a5-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f793b5d-3fa3-11dd-98a5-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed5057b7-3f90-11dd-ae6e-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed5057b8-3f90-11dd-ae6e-001d60f10c65}\ not found.
File D:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\VMC_PBStarter.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tanja
->Temp folder emptied: 967560 bytes
->Temporary Internet Files folder emptied: 59599273 bytes
->Java cache emptied: 53684343 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 9900 bytes

User: Tanja Administrator
->Temp folder emptied: 289508 bytes
->Temporary Internet Files folder emptied: 9772884 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 21164 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1263395 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 120,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02042011_212031

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

04.02.2011, 21:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has expressly recommended it!
It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logfiles in CODE tags

04.02.2011, 23:02   #11
TanjaK


Phew, my heart sank just now when "cofi" had finished (incl. restart), had spat out the logfile and I then couldn't open a single program (error message). Not even Explorer. After shutting down and booting up once more it worked.

One more thing: the new CCleaner version had a somewhat different, extended layout. I left the checkmarks as they were, only removed the checkmarks under "Advanced". Hope that was right.

If that was it now (which of course I fervently hope), I'd have one or two more questions: What on earth is this junk I've caught? Can you tell whether it's an older infection or whether it really only turned up these past few days? What damage does it do? And do I have sufficient protection with Avira, i.e. will it at least be noticed when my computer gets infected?

Many thanks in advance!

Here is the logfile:

ComboFix logfile:
Code:
ComboFix 11-01-31.02 - Tanja 04.02.2011  22:12:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.1029 [GMT 1:00]
Running from:: c:\users\Tanja\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe7638.dll
c:\users\Tanja\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Tanja\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Tanja\Favorites\mxfilerelatedcache.mxc2
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
E:\install.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((   Files Created from 2011-01-04 to 2011-02-04  ))))))))))))))))))))))))))))))
.

2011-02-04 21:25 . 2011-02-04 21:25	--------	d-----w-	c:\users\Tanja Administrator\AppData\Local\temp
2011-02-04 21:25 . 2011-02-04 21:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-04 20:20 . 2011-02-04 20:20	--------	d-----w-	C:\_OTL
2011-02-04 10:59 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B05C9DE-8D2B-45BF-80BA-40129C0B9DF5}\mpengine.dll
2011-01-13 12:47 . 2010-12-28 15:55	413696	----a-w-	c:\windows\system32\odbc32.dll
2011-01-13 12:47 . 2010-12-28 15:53	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 12:47 . 2010-12-28 15:53	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 12:47 . 2010-12-28 15:53	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 12:47 . 2010-12-28 15:53	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 12:47 . 2010-12-28 15:53	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-13 12:47 . 2010-12-14 14:49	1169408	----a-w-	c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-05-11 11:17	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-05-11 11:17	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2008-01-21 11:30 . 2008-01-21 11:29	58619176	----a-w-	c:\program files\iTunesSetup.exe
.

((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope]
@="{944bc754-3bde-46c6-7c52-974154f45e88}"
[HKEY_CLASSES_ROOT\CLSID\{944bc754-3bde-46c6-7c52-974154f45e88}]
2010-10-27 02:50	3414832	----a-w-	c:\program files\Mozy\MozyHomeEuropeshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope2]
@="{0be1f069-378d-5ddc-6158-d2dd69ef889b}"
[HKEY_CLASSES_ROOT\CLSID\{0be1f069-378d-5ddc-6158-d2dd69ef889b}]
2010-10-27 02:50	3414832	----a-w-	c:\program files\Mozy\MozyHomeEuropeshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope3]
@="{121ca94d-a542-2987-1237-c4026364e512}"
[HKEY_CLASSES_ROOT\CLSID\{121ca94d-a542-2987-1237-c4026364e512}]
2010-10-27 02:50	3414832	----a-w-	c:\program files\Mozy\MozyHomeEuropeshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-06-27 436088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"ABBYY Screenshot Reader Retail"="c:\program files\ABBYY Screenshot Reader\ScreenshotReader.exe" [2009-10-26 959752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ABBYY Screenshot Reader Retail"="c:\program files\ABBYY Screenshot Reader\ScreenShotReader.exe" [2009-10-26 959752]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128]
Mozy Status.lnk - c:\program files\Mozy\MozyHomeEuropestat.exe [2010-10-27 3514160]
web'n'walk Manager.lnk - c:\program files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 798720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MozyHomeEuropeFilter;MozyHomeEuropeFilter;c:\windows\system32\DRIVERS\MozyHomeEurope.sys [2010-10-27 54776]
S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [2009-05-14 759048]
S2 accsvc;AccSys WiFi Component;c:\program files\Common Files\AccSys\accsvc.exe [2006-01-11 147456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 GtDetectSc;GtDetectSc;c:\program files\T-Mobile\web'n'walk Manager\GtDetectSc.exe [2007-11-05 204915]
S2 MozyHomeEuropebackup;Mozy Backupdienst;c:\program files\Mozy\MozyHomeEuropebackup.exe [2010-10-27 49456]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 600912]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the "Scheduled Tasks" folder

2011-02-04 c:\windows\Tasks\User_Feed_Synchronization-{7B2030B6-5A18-4D1B-89BE-00A8BF40BD96}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.handelsblatt.com/
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Orphaned registry entries removed - - - -

SafeBoot-AVG Anti-Spyware Driver



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-04 22:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3992)
c:\program files\Mozy\MozyHomeEuropeshell.dll
c:\program files\Mozy\LIBEAY32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Completion time: 2011-02-04  22:37:04 - machine was rebooted
ComboFix-quarantined-files.txt  2011-02-04 21:36

Pre-Run: 9 directories, 16.045.461.504 bytes free
Post-Run: 14 directories, 15.684.427.776 bytes free

- - End Of File - - 7E2033E87FE53148A4C701FFEBE9E2D6
         

05.02.2011, 13:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the 2nd attempt either, simply skip it and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post me the contents of the .txt document
__________________
Please always post logfiles in CODE tags

05.02.2011, 23:54   #13
TanjaK


OK, everything worked, here is the txt file:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: TOSHIBA
System Product Name: Satellite L40
Logical Drives Mask: 0x00000034

Kernel Drivers (total 145):
0x82440000 \SystemRoot\system32\ntkrnlpa.exe
0x8240D000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80695000 \SystemRoot\system32\drivers\acpi.sys
0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EC000 \SystemRoot\system32\drivers\pci.sys
0x80713000 \SystemRoot\System32\drivers\partmgr.sys
0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
0x80788000 \SystemRoot\system32\drivers\intelide.sys
0x8078F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079D000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807C7000 \SystemRoot\System32\drivers\mountmgr.sys
0x82A04000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82ACB000 \SystemRoot\system32\drivers\atapi.sys
0x82AD3000 \SystemRoot\system32\drivers\ataport.SYS
0x82AF1000 \SystemRoot\system32\drivers\fltmgr.sys
0x82B23000 \SystemRoot\system32\drivers\fileinfo.sys
0x82B33000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82B3C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8820B000 \SystemRoot\system32\drivers\ndis.sys
0x88316000 \SystemRoot\system32\drivers\msrpc.sys
0x88341000 \SystemRoot\system32\drivers\NETIO.SYS
0x88401000 \SystemRoot\System32\drivers\tcpip.sys
0x884EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88601000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88711000 \SystemRoot\system32\drivers\volsnap.sys
0x8874A000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x88795000 \SystemRoot\System32\Drivers\spldr.sys
0x8879D000 \SystemRoot\System32\Drivers\mup.sys
0x887AC000 \SystemRoot\System32\drivers\ecache.sys
0x887D3000 \SystemRoot\system32\drivers\disk.sys
0x88506000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x887E4000 \SystemRoot\system32\drivers\crcdisk.sys
0x885EE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8837C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88385000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8D00E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8D65B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D6FC000 \SystemRoot\System32\drivers\watchdog.sys
0x8D708000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D713000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D751000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D760000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8DA05000 \SystemRoot\system32\DRIVERS\athr.sys
0x8DABE000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x8DACF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8DAE2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DAED000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8DB1A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DB1C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DB27000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8DB2B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DB43000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8DB46000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DB4A000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x8DB52000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DB81000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DBC2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DBCD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DBE4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x88394000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DBEF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x883B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x883CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D7ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D000000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8DBFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x82BAD000 \SystemRoot\system32\DRIVERS\ks.sys
0x883E0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x883EA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805B5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x82BD7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DE0B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DFCB000 \SystemRoot\system32\drivers\portcls.sys
0x807D7000 \SystemRoot\system32\drivers\drmk.sys
0x8E000000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8E11C000 \SystemRoot\system32\drivers\modem.sys
0x8E129000 \SystemRoot\system32\DRIVERS\MozyHomeEurope.sys
0x8E13C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E145000 \SystemRoot\System32\Drivers\Null.SYS
0x8E14C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E153000 \SystemRoot\System32\DRIVERS\AvgAsCln.sys
0x8E154000 \SystemRoot\System32\drivers\vga.sys
0x8E160000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E181000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E189000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E191000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E19C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E1AA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E1B3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E1C9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E600000 \SystemRoot\system32\drivers\afd.sys
0x8E648000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E67A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E690000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E69E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E6B1000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8E6B7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E6F3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E6FD000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E714000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8E730000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8E732000 \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
0x8E733000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8E76E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88527000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x96490000 \SystemRoot\System32\win32k.sys
0x8E77B000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E785000 \SystemRoot\system32\DRIVERS\monitor.sys
0x966B0000 \SystemRoot\System32\TSDDD.dll
0x966D0000 \SystemRoot\System32\cdd.dll
0x8E794000 \SystemRoot\system32\drivers\luafv.sys
0x8E7AF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA900C000 \SystemRoot\system32\drivers\spsys.sys
0xA90BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA90CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA90F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9100000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9113000 \SystemRoot\system32\drivers\HTTP.sys
0xA9180000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA919D000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA91B6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA91CB000 \SystemRoot\system32\drivers\mrxdav.sys
0x8E7CB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA006000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA03F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA057000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAA07F000 \SystemRoot\System32\DRIVERS\srv.sys
0xAA0CD000 \SystemRoot\system32\drivers\peauth.sys
0xAA1AB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAA1B5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAA1C1000 \??\C:\Users\Tanja\AppData\Local\Temp\kwlcipow.sys
0xAA1D9000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77790000 \Windows\System32\ntdll.dll

Processes (total 91):
0 System Idle Process
4 System
460 C:\Windows\System32\smss.exe
592 csrss.exe
636 C:\Windows\System32\wininit.exe
648 csrss.exe
680 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\winlogon.exe
888 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\audiodg.exe
1300 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\SLsvc.exe
1352 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1632 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
1716 C:\Windows\System32\spoolsv.exe
1740 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1752 C:\Windows\System32\svchost.exe
1928 C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
1952 C:\Program Files\Common Files\AccSys\accsvc.exe
1968 C:\Windows\System32\agrsmsvc.exe
2000 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2012 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2028 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
224 C:\Program Files\Bonjour\mDNSResponder.exe
404 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
1508 C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
872 C:\Windows\System32\dwm.exe
1964 C:\Windows\explorer.exe
628 C:\Program Files\Mozy\MozyHomeEuropebackup.exe
1164 C:\Windows\System32\taskeng.exe
2140 C:\Program Files\ATK Hotkey\HControl.exe
2432 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2460 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2536 C:\Program Files\Mozy\MozyHomeEuropebackup.exe
2592 C:\Windows\System32\svchost.exe
2692 C:\Windows\System32\svchost.exe
2748 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
2800 C:\Windows\System32\TODDSrv.exe
2836 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2876 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2920 C:\Windows\System32\svchost.exe
2928 C:\Program Files\ATK Hotkey\ATKOSD.exe
2948 C:\Windows\System32\SearchIndexer.exe
3124 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3792 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3804 C:\Windows\RtHDVCpl.exe
3828 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
3868 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
3900 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
3908 C:\Windows\System32\igfxtray.exe
3916 C:\Windows\System32\hkcmd.exe
3940 C:\Windows\System32\igfxpers.exe
3972 C:\Program Files\iTunes\iTunesHelper.exe
3992 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4020 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
4032 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4052 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4064 C:\Windows\System32\igfxsrvc.exe
2128 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
1504 C:\Program Files\Picasa2\PicasaMediaDetector.exe
884 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
1204 C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe
1224 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
1088 C:\Program Files\Mozy\MozyHomeEuropestat.exe
880 C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
2892 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3612 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
4016 C:\Program Files\iPod\bin\iPodService.exe
1440 C:\Program Files\Common Files\Teleca Shared\Generic.exe
2760 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
3096 C:\Windows\System32\taskeng.exe
3756 C:\Program Files\Internet Explorer\iexplore.exe
4512 C:\Program Files\Internet Explorer\iexplore.exe
4904 C:\Program Files\Internet Explorer\iexplore.exe
4996 taskeng.exe
5448 C:\Windows\System32\SearchProtocolHost.exe
5080 C:\Windows\System32\SearchFilterHost.exe
5704 C:\Windows\System32\SearchProtocolHost.exe
2184 C:\Program Files\Internet Explorer\iexplore.exe
4820 dllhost.exe
1408 dllhost.exe
5044 C:\Users\Tanja\Desktop\MBRCheck.exe
1364 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`ff600000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2160BHPL, Rev: 0040001D

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Alt 06.02.2011, 20:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
And where are the other logs?
__________________
Please always post logfiles in CODE tags

Alt 06.02.2011, 23:38   #15
TanjaK
 
Oops!
Ahem, so here they are:

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-05 23:03:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0040
Running: GMER.exe; Driver: C:\Users\Tanja\AppData\Local\Temp\kwlcipow.sys


---- System - GMER 1.0.15 ----

SSDT            81075A54                                                                                                            ZwCreateThread
SSDT            81075A40                                                                                                            ZwOpenProcess
SSDT            81075A45                                                                                                            ZwOpenThread
SSDT            81075A4F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                       824EC984 4 Bytes  [54, 5A, 07, 81]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                       824ECB54 4 Bytes  [40, 5A, 07, 81]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                       824ECB70 4 Bytes  [45, 5A, 07, 81]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                       824ECD84 4 Bytes  [4F, 5A, 07, 81]
.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           section is writeable [0x8874B000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                           unknown last section [0x88794000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[884] USER32.dll!InSendMessageEx + 4C9           7612E7C8 7 Bytes  JMP 10031D10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[884] USER32.dll!CreateIconFromResourceEx + 340  76130E45 7 Bytes  JMP 10031C80 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[884] USER32.dll!DdeQueryStringW + 5CE           7614FA2D 7 Bytes  JMP 10031CF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] kernel32.dll!FindResourceA                             772D2653 5 Bytes  JMP 00429D00 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] kernel32.dll!FindResourceW                             772F7FA1 5 Bytes  JMP 00429D40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] USER32.dll!LoadStringA                                 76126243 5 Bytes  JMP 00429FD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] USER32.dll!CreateDialogParamW                          761272A2 5 Bytes  JMP 00429DF0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] USER32.dll!LoadMenuW                                   76131412 5 Bytes  JMP 00429EC0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] USER32.dll!LoadStringW                                 76139CCB 5 Bytes  JMP 00429F20 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] USER32.dll!CreateDialogParamA                          761417AA 5 Bytes  JMP 00429D80 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text           C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[1224] USER32.dll!LoadMenuA                                   76167C77 5 Bytes  JMP 00429E60 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              MozyHomeEurope.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x46 0x47 0x15 0xB0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:51:16 on 05.02.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\Windows\system32\javacpl.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Spyware Clean Driver" (AvgAsCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgAsCln.sys
"AVG Anti-Spyware Driver" (AVG Anti-Spyware Driver) - ? - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwlcipow" (kwlcipow) - ? - C:\Users\Tanja\AppData\Local\Temp\kwlcipow.sys  (Hidden registry entry, rootkit activity | File not found)
"MozyHomeEuropeFilter" (MozyHomeEuropeFilter) - "Mozy, Inc." - C:\Windows\System32\DRIVERS\MozyHomeEurope.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
{B1759355-3EEC-4C1E-B0F1-B719FE26E377} "x-sdch" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "CShellExecuteHookImpl Object" - "GRISOFT s.r.o." - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - "VSO Software SARL" - C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{f9dba42c-65ce-26b1-3c3d-f82c46fdf14b} "Mozy Remote Backup" - "Mozy" - C:\Program Files\Mozy\MozyHomeEuropeshell.dll
{944bc754-3bde-46c6-7c52-974154f45e88} "Mozy Remote Backup Shell-Erweiterungen" - "Mozy" - C:\Program Files\Mozy\MozyHomeEuropeshell.dll
{0be1f069-378d-5ddc-6158-d2dd69ef889b} "Mozy Remote Backup Shell-Erweiterungen Icon Overlay 2" - "Mozy" - C:\Program Files\Mozy\MozyHomeEuropeshell.dll
{121ca94d-a542-2987-1237-c4026364e512} "Mozy Remote Backup Shell-Erweiterungen Icon Overlay 3" - "Mozy" - C:\Program Files\Mozy\MozyHomeEuropeshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\Windows\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
{6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} "CSEQueryObject Object" - "MyHeritage Ltd." - C:\Windows\Downloaded Program Files\SearchEngineQuery.dll / hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "YInstStarter Class" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll / C:\Program Files\Yahoo!\Common\yinsthelper.dll
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home  (HTTP value)
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Mozy Status.lnk" - "Mozy" - C:\Program Files\Mozy\MozyHomeEuropestat.exe  (Shortcut exists | File exists)
"Audible Download Manager.lnk" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe  (Shortcut exists | File exists)
"web'n'walk Manager.lnk" - "T-Mobile" - C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ABBYY Screenshot Reader Retail" - "ABBYY" - "C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe" -autorun
"Picasa Media Detector" - "Google Inc." - C:\Program Files\Picasa2\PicasaMediaDetector.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"TOSCDSPD" - "TOSHIBA" - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"!AVG Anti-Spyware" - "GRISOFT s.r.o." - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"ABBYY Screenshot Reader Retail" - "ABBYY" - "C:\Program Files\ABBYY Screenshot Reader\ScreenShotReader.exe" -autorun
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Sony Ericsson PC Suite" - ? - "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ABBYY.Licensing.FineReader.ScreenshotReader.9.0" (ABBYY.Licensing.FineReader.ScreenshotReader.9.0) - "ABBYY" - C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
"AccSys WiFi Component" (accsvc) - "AccSys GmbH" - C:\Program Files\Common Files\AccSys\accsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"AVG Anti-Spyware Guard" (AVG Anti-Spyware Guard) - "GRISOFT s.r.o." - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GtDetectSc" (GtDetectSc) - "Option" - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozy Backupdienst" (MozyHomeEuropebackup) - "Mozy" - C:\Program Files\Mozy\MozyHomeEuropebackup.exe
"NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
