struppyx | 11.02.2012 07:59 | Good morning Arne,
now I have all the logs together:
GMER: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-11 07:52:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912082 rev.7.24
Running: 47crshwe.exe; Driver: C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys
---- System - GMER 1.0.15 ----
SSDT spec.sys ZwCreateKey [0xB9EAB0E0]
SSDT spec.sys ZwEnumerateKey [0xB9EC8CA2]
SSDT spec.sys ZwEnumerateValueKey [0xB9EC9030]
SSDT spec.sys ZwOpenKey [0xB9EAB0C0]
SSDT spec.sys ZwQueryKey [0xB9EC9108]
SSDT spec.sys ZwQueryValueKey [0xB9EC8F88]
SSDT spec.sys ZwSetValueKey [0xB9EC919A]
INT 0x62 ? 8A685BF8
INT 0x73 ? 8A615BF8
INT 0x73 ? 8A684BF8
INT 0x73 ? 8A615BF8
INT 0xA4 ? 8A684BF8
---- Kernel code sections - GMER 1.0.15 ----
? spec.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B83B28AC 5 Bytes JMP 8A6841D8
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
.text C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BA0001
.text C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
.text C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A60F5A
.text C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\Explorer.EXE[580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
.text C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01310001
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A60F5A
.text C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
.text C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01820001
.text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A60F5A
.text C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01490001
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01340001
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A60F5A
.text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01FA0001
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E50001
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010F0001
.text C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CF0001
.text C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 052B0001
.text C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02650001
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 07400001
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010D0001
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0A6D0001
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001
.text C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
.text C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01540001
.text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008D0001
.text C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Synology Data Replicator 3\SynoDrService.exe[2220] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00980001
.text C:\Programme\Synology Data Replicator 3\SynoDrService.exe[2220] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Synology Data Replicator 3\SynoDrService.exe[2220] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AD0F5A
.text E:\Temp\47crshwe.exe[2384] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text E:\Temp\47crshwe.exe[2384] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text E:\Temp\47crshwe.exe[2384] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011B0001
.text C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013C0001
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00980001
.text C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
.text C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001
.text C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001
.text C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001
.text C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A70F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A70F5A
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
.text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC046] spec.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC142] spec.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0C4] spec.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7CE] spec.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6A4] spec.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7D7A] spec.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011C2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011C2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011C2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011C2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6831F8
Device \Driver\usbuhci \Device\USBPDO-0 89B5B1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6161F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6161F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6161F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6161F8
Device \Driver\usbuhci \Device\USBPDO-1 89B5B1F8
Device \Driver\usbuhci \Device\USBPDO-2 89B5B1F8
Device \Driver\usbuhci \Device\USBPDO-3 89B5B1F8
Device \Driver\usbehci \Device\USBPDO-4 89B2E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D96C6CDB-062D-46B2-B66F-FA4B9ECC5E51} 897BC500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6861F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6861F8
Device \Driver\Cdrom \Device\CdRom0 89B071F8
Device \Driver\iastor \Device\Ide\iaStor0 [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 897BC500
Device \Driver\NetBT \Device\NetbiosSmb 897BC500
Device \Driver\usbuhci \Device\USBFDO-0 89B5B1F8
Device \Driver\usbuhci \Device\USBFDO-1 89B5B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8983B500
Device \Driver\usbuhci \Device\USBFDO-2 89B5B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8983B500
Device \Driver\usbuhci \Device\USBFDO-3 89B5B1F8
Device \Driver\usbehci \Device\USBFDO-4 89B2E1F8
Device \Driver\Ftdisk \Device\FtControl 8A6861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CEAE2D63-0D6E-426B-A352-BE5CF7D88C2A} 897BC500
Device \FileSystem\Cdfs \Cdfs 89A58500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.15 ----
File C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[1].txt 40 bytes
File C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[2].txt 40 bytes
---- EOF - GMER 1.0.15 ----
OSAM: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 10.02.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe
[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Synology Data Replicator 3-NB-001-tmondelli.job" - ? - C:\Programme\Synology Data Replicator 3\Backup.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MpKsla4b0dc35" (MpKsla4b0dc35) - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"Spybot-S&D 2 Hook Driver" (SDHookDriver) - ? - C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys (File found, but it contains no detailed information)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} "StumbleUpon" - "StumbleUpon Inc." - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Spybot-S&D Cleaning" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - C:\WINDOWS\System32\BCMLogon.dll
"IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9cc19a2b7bc2e)" (gupdate1c9cc19a2b7bc2e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"INTERMEDIATE enomic Intern Server" (crmsrv) - ? - "C:\Programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf (File not found)
"Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Spybot S&D 2 Live Protection Service" (SDHookService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe (File found, but it contains no detailed information)
"SynoDrService" (SynoDrService) - ? - C:\Programme\Synology Data Replicator 3\SynoDrService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR: Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 21:19:13
-----------------------------
21:19:13.734 OS Version: Windows 5.1.2600 Service Pack 3
21:19:13.734 Number of processors: 2 586 0xF06
21:19:13.734 ComputerName: NB-001 UserName:
21:19:14.109 Initialize success
21:19:18.484 AVAST engine defs: 12021000
21:19:22.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:19:22.312 Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3
21:19:22.468 Disk 0 MBR read successfully
21:19:22.468 Disk 0 MBR scan
21:19:22.500 Disk 0 Windows XP default MBR code
21:19:22.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50011 MB offset 63
21:19:22.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 64459 MB offset 102422880
21:19:22.640 Disk 0 scanning sectors +234435600
21:19:22.859 Disk 0 scanning C:\WINDOWS\system32\drivers
21:19:57.281 Service scanning
21:19:57.609 Service MpKsla4b0dc35 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys **LOCKED** 32
21:19:57.656 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:19:58.187 Modules scanning
21:21:06.265 Disk 0 trace - called modules:
21:21:06.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwf.sys >>UNKNOWN [0x8a636944]<<
21:21:06.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5889c0]
21:21:06.328 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a58aa28]
21:21:06.328 5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a589030]
21:21:06.703 AVAST engine scan C:\WINDOWS
21:21:38.187 AVAST engine scan C:\WINDOWS\system32
21:33:45.000 AVAST engine scan C:\WINDOWS\system32\drivers
21:34:46.140 AVAST engine scan C:\Dokumente und Einstellungen\tmondelli.NB-001
21:42:33.421 AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:44:12.218 Scan finished successfully
21:51:55.406 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\MBR.dat"
21:51:55.421 The log file has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\aswMBR.txt"

Looking forward to your assessment.
Regards, Thomas |