Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung: System Check malware removed, but still having problems (https://www.trojaner-board.de/109230-system-check-malware-entfernt-immer-noch-probleme.html)

struppyx 06.02.2012 17:04

System Check malware removed, but still having problems

Hello,
I hope you can help me. A few days ago I picked up the System Check malware. I was able to remove it with various tools (Trojan Remover, Malwarebytes, Kaspersky Internet Security), but since then a few problems have been bothering me. In detail:

1. Wrong redirects on Google
When I open Google in Firefox and select a link from the search results, I am redirected at irregular intervals to advertising pages. Only with the Back button do I get to the page I was actually looking for.

2. Problems opening Word 2003
When I open Word via Start / All Programs / Microsoft Office / Winword, the Windows Installer opens first. After a while a message appears saying that the Windows registry has detected that one or more required files are damaged. After that, however, Word opens without restrictions. Opening a Word document by double-clicking works.

3. Missing entries under Start / All Programs
After the "System Check" attack, at first no programs could be opened at all via Start / All Programs. I then recreated the most important shortcuts manually, but perhaps there is also an easier way to restore the shortcuts.

Here is some information about my system:
Windows XP Professional Edition Service Pack 3

Currently active security software:
- Kaspersky Internet Security 2012
- Microsoft Security Essentials
- Spybot 2

I look forward to your support

Thanks in advance

struppyx 06.02.2012 19:14

"System Check" malware removed, but still having problems

Hello,
having already posted on the Plagegeister board, here is my problem again, including the OTL and Malwarebytes results.

A few days ago I picked up the "System Check" malware. I was able to remove it with various tools (Trojan Remover, Malwarebytes, Kaspersky Internet Security), but since then a few problems have been bothering me. In detail:

1. Wrong redirects on Google
When I open Google in Firefox and select a link from the search results, I am redirected at irregular intervals to advertising pages. Only with the Back button do I get to the page I was actually looking for.

2. Problems opening Word 2003
When I open Word via Start / All Programs / Microsoft Office / Winword, the Windows Installer opens first. After a while a message appears saying that the Windows registry has detected that one or more required files are damaged. After that, however, Word opens without restrictions. Opening a Word document by double-clicking works.

3. Missing entries under Start / All Programs
After the "System Check" attack, at first no programs could be opened at all via Start / All Programs. I then recreated the most important shortcuts manually, but perhaps there is also an easier way to restore the shortcuts.

I look forward to your support

Thanks in advance

cosinus 06.02.2012 20:23

Edit:

I've merged the threads; I only just saw that you had opened a thread twice.
Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed in the Logs tab. Please post all of the logs that are visible there.

struppyx 06.02.2012 22:55

Hello Arne,

I have attached all available log files; as you can see, I've been scanning quite a bit. I hope you can make something of it.

Regards, Thomas

cosinus 07.02.2012 09:16

Quote:

C:\Dokumente und Einstellungen\tmondelli\Anwendungsdaten\Thinstall\CyberLink PowerDVD 8\4000001a00002i\OLRStateCheck.exe (Trojan.IRCBot)
Where did your PowerDVD 8 come from? :wtf:

struppyx 07.02.2012 15:19

PowerDVD? Oh, that was a very long time ago. I had it installed once as freeware or a trial version. The source was probably Chip.de, but I can't say for sure anymore. In any case I have uninstalled it, and it no longer shows up in the Control Panel under Software either.

Regards, Thomas

cosinus 07.02.2012 16:35

Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


struppyx 07.02.2012 23:04

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f244a1adedb0e548996722e6be23e121
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-07 03:50:55
# local_time=2012-02-07 04:50:55 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 108081 108081 0 0
# compatibility_mode=1280 16777215 100 0 530445 530445 0 0
# compatibility_mode=5891 16776869 42 87 6843 25500694 0 0
# compatibility_mode=7937 16777214 0 25 351381 351381 0 0
# compatibility_mode=8192 67108863 100 0 3687 3687 0 0
# scanned=606
# found=0
# cleaned=0
# scan_time=32
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f244a1adedb0e548996722e6be23e121
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-07 03:52:27
# local_time=2012-02-07 04:52:27 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 108178 108178 0 0
# compatibility_mode=1280 16777215 100 0 530542 530542 0 0
# compatibility_mode=5891 16776869 42 87 6940 25500791 0 0
# compatibility_mode=7937 16777214 0 25 351478 351478 0 0
# compatibility_mode=8192 67108863 100 0 3784 3784 0 0
# scanned=603
# found=0
# cleaned=0
# scan_time=28
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f244a1adedb0e548996722e6be23e121
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-07 06:48:09
# local_time=2012-02-07 07:48:09 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 108331 108331 0 0
# compatibility_mode=1280 16777215 100 0 530695 530695 0 0
# compatibility_mode=5891 16776869 42 87 7093 25500944 0 0
# compatibility_mode=7937 16777214 0 25 351631 351631 0 0
# compatibility_mode=8192 67108863 100 0 3937 3937 0 0
# scanned=185912
# found=14
# cleaned=0
# scan_time=10416
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31\4c85eb1f-7564988e Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8NDW5F5\d70e4045217c66273d5781a34817ed11[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8NDW5F5\mooneydesign_net[1].txt HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
E:\Temp\nl_setup_beta.exe probably a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
E:\Temp\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
E:\Temp\SoftonicDownloader_fuer_excel-kassenbuch.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Temp\SoftonicDownloader_fuer_norton-ghost.exe Win32/SoftonicDownloader.C application (unable to clean) 00000000000000000000000000000000 I
E:\Temp\SoftonicDownloader_fuer_ratdvd.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Temp\unlocker1.9.0.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
E:\Tommythek\Cesar 3\clsc3trn.zip a variant of Win32/Packed.PECrypt32.A application (unable to clean) 00000000000000000000000000000000 I
E:\Tommythek\Fun\screens\MAEUSE.EXE Win16/Hoax.BadJoke.MouseShoot.A virus (unable to clean) 00000000000000000000000000000000 I
E:\Tommythek\Software-Tools HTPC\Setup_MoviesToDVD.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
E:\Tommythek\Software-Tools HTPC\SoftonicDownloader47467.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Tommythek\Tools\Setup_FreeVideoConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
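
As an added example (not part of the thread and not ESET's own code), here is a small Python parser for the log format posted above. It splits the file into scan runs at each `# version=` header, breaks every detection line into path, threat name, kind and action, and groups the findings by where they sit on disk, which is the question the replies below turn on (browser and Java cache leftovers versus downloaded installers versus the user's own files). The sample input is an excerpt of the posted log (two of its three runs, six of the fourteen detection lines) with the `# found=` count adjusted to the number of lines kept; the location categories and their names are my own.

```python
"""Parse an ESET Online Scanner log.txt (the '# key=value' header plus one
detection line per finding) and group the findings for triage.
Added example; not ESET's or Trojaner-Board's code."""
import re
from collections import Counter

# One detection line: <path> <threat name> <kind> (<action>) <32-hex id> <flag>.
# The path may contain spaces, so it is matched lazily and the rest of the
# pattern anchors it from the right.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<name>(?:probably a variant of |a variant of )?\S+) "
    r"(?P<kind>trojan|virus|worm|application|potentially unwanted application) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)
HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z0-9_.]+)=(?P<value>.*)$")


def new_run():
    return {"meta": {}, "findings": [], "other": []}


def parse_eset_log(text):
    """Return {'preamble': [lines before the first header], 'runs': [run, ...]}.
    A '# version=' line starts a new run; the posted log contains three."""
    preamble, runs, current = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            if h.group("key") == "version" or current is None:
                current = new_run()
                runs.append(current)
            current["meta"][h.group("key")] = h.group("value")
            continue
        if current is None:
            preamble.append(line)          # installer chatter before any run
            continue
        d = DETECTION_RE.match(line)
        if d:
            current["findings"].append(d.groupdict())
        else:
            current["other"].append(line)  # e.g. esets_scanner_update errors
    return {"preamble": preamble, "runs": runs}


def classify(path):
    """Rough location class of a finding (category names are my own)."""
    p = path.lower()
    if "\\temporary internet files\\" in p or "\\java\\deployment\\cache\\" in p:
        return "cache"      # browser/Java cache: leftover of a drive-by attempt
    if "\\temp\\" in p:
        return "temp"       # downloaded installer parked in a temp folder
    return "user-data"      # inside the user's own files: review by hand


def summarize(runs):
    """Aggregate the last finished run (falls back to the last run)."""
    finished = [r for r in runs if r["meta"].get("end") == "finished"]
    run = finished[-1] if finished else runs[-1]
    findings = run["findings"]
    return {
        "by_kind": dict(Counter(f["kind"] for f in findings)),
        "by_location": dict(Counter(classify(f["path"]) for f in findings)),
        "unclean": [f["path"] for f in findings if "unable to clean" in f["action"]],
        # the '# found=' header should equal the number of detection lines parsed
        "header_matches": int(run["meta"].get("found", 0)) == len(findings),
    }


# Excerpt of the log posted above (two of its three runs, six of the fourteen
# detection lines); '# found=' was adjusted to 6 to match the excerpt.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=stopped
# scanned=606
# found=0
# cleaned=0
# scan_time=32
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# osver=5.1.2600 NT Service Pack 3
# scanned=185912
# found=6
# cleaned=0
# scan_time=10416
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31\4c85eb1f-7564988e Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8NDW5F5\d70e4045217c66273d5781a34817ed11[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
E:\Temp\nl_setup_beta.exe probably a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
E:\Temp\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
E:\Temp\SoftonicDownloader_fuer_excel-kassenbuch.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
E:\Tommythek\Cesar 3\clsc3trn.zip a variant of Win32/Packed.PECrypt32.A application (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(parsed["runs"]).items():
        print(key, value)
```

The `header_matches` flag is a cheap sanity check that the parser has not silently dropped a detection line; if it is false, look at the run's `other` list for lines the regex did not understand.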

cosinus 08.02.2012 09:46

Quote:

E:\Temp\registrybooster.exe Win32/RegistryBooster application (unable to clean)
Keep your hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work anymore either.
We read often enough from people seeking help here that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether a few orphaned registry entries are on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You wouldn't notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

Quote:

E:\Temp\SoftonicDownloader_fuer_excel-kassenbuch.exe a variant of Win32/SoftonicDownloader.A application (unable to clean)
Keep your hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! As a top priority, software is downloaded directly from the vendor and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do

struppyx 08.02.2012 10:10

Many thanks for your advice.

I have already deleted the Softonic downloads from the hard drive, and I will delete the other files that ESET found on my D partition right away as well.
What do you think I should do about the other findings, which are on my C drive?

Quote:

C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31\4c85eb1f-7564988e Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I

C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8NDW5F5\d70e4045217c66273d5781a34817ed11[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8NDW5F5\mooneydesign_net[1].txt HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

Regards, Thomas

cosinus 08.02.2012 11:45

Please create a new OTL log. If possible, please post everything here inside CODE tags.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
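
The block between /md5start and /md5stop makes OTL print the MD5 of a list of system binaries and boot drivers so that the helper can compare them with known-good values; a patched userinit.exe or atapi.sys shows up as a hash that does not match. The following Python script is an added example, not OTL's own code, that performs that comparison against a baseline you record yourself: the watched file list is a subset of the names above, and the directory tree, file contents and the "patched" driver in demo() are constructed.

```python
"""Compare a fixed list of system files against a recorded hash baseline.
Added example mirroring what the /md5start ... /md5stop block asks OTL to do;
not OTL's code. The watched names are a subset of the OTL list, the demo
tree is constructed."""
import hashlib
import tempfile
from pathlib import Path

# Paths relative to a system root (in the demo a temp dir; on a real XP box
# this would be %SystemRoot%\system32).
WATCHED = ["winlogon.exe", "userinit.exe", "drivers/atapi.sys", "drivers/iaStor.sys"]


def file_digest(path, algorithm="md5"):
    """Hex digest of a file, read in chunks. md5 matches the OTL convention and
    published hash lists; use sha256 for a baseline you keep yourself."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def record_baseline(root, names=WATCHED, algorithm="md5"):
    """Hash every watched file under root; files that do not exist are
    recorded as None so that their later appearance is noticed."""
    baseline = {}
    for name in names:
        p = Path(root) / name
        baseline[name] = file_digest(p, algorithm) if p.is_file() else None
    return baseline


def compare_against_baseline(root, baseline, algorithm="md5"):
    """Return {name: status}, status in ok / modified / missing / new / absent."""
    report = {}
    for name, expected in baseline.items():
        p = Path(root) / name
        if not p.is_file():
            report[name] = "absent" if expected is None else "missing"
        elif expected is None:
            report[name] = "new"        # appeared since the baseline was taken
        elif file_digest(p, algorithm) == expected:
            report[name] = "ok"
        else:
            report[name] = "modified"   # same name, different content
    return report


def demo():
    """Constructed scenario: take a baseline, then overwrite one driver and
    delete one binary, and report what the comparison finds."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "drivers").mkdir()
        (root / "winlogon.exe").write_bytes(b"WINLOGON-ORIGINAL")
        (root / "userinit.exe").write_bytes(b"USERINIT-ORIGINAL")
        (root / "drivers" / "atapi.sys").write_bytes(b"ATAPI-ORIGINAL")
        # drivers/iaStor.sys is deliberately never created
        baseline = record_baseline(root)
        (root / "drivers" / "atapi.sys").write_bytes(b"ATAPI-PATCHED")
        (root / "userinit.exe").unlink()
        return compare_against_baseline(root, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

The baseline only tells you that a file changed, not whether the change is legitimate: a Windows Update that replaces atapi.sys produces the same "modified" result as a rootkit, so the hash still has to be checked against the vendor's value for that file version.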


struppyx 08.02.2012 15:25

Code:

OTL logfile created on: 08.02.2012 14:52:29 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,67% Memory free
3,83 Gb Paging File | 2,84 Gb Available in Paging File | 74,18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,84 Gb Total Space | 7,98 Gb Free Space | 16,33% Space Free | Partition Type: NTFS
Drive E: | 62,95 Gb Total Space | 5,54 Gb Free Space | 8,80% Space Free | Partition Type: NTFS
Drive M: | 1829,35 Gb Total Space | 817,36 Gb Free Space | 44,68% Space Free | Partition Type: NTFS
Drive N: | 1829,35 Gb Total Space | 817,36 Gb Free Space | 44,68% Space Free | Partition Type: NTFS
Drive P: | 1829,35 Gb Total Space | 817,36 Gb Free Space | 44,68% Space Free | Partition Type: NTFS
Drive T: | 1829,35 Gb Total Space | 817,36 Gb Free Space | 44,68% Space Free | Partition Type: NTFS
Drive U: | 1829,35 Gb Total Space | 817,36 Gb Free Space | 44,68% Space Free | Partition Type: NTFS
Drive V: | 1829,35 Gb Total Space | 817,36 Gb Free Space | 44,68% Space Free | Partition Type: NTFS
 
Computer Name: NB-001 | User Name: tmondelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.06 15:58:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\OTL.exe
PRC - [2012.02.02 00:52:07 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.10.05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010.01.12 03:45:36 | 000,245,760 | ---- | M] () -- C:\Programme\Synology Data Replicator  3\SynoDrService.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.01 13:51:34 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007.11.01 13:47:08 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007.03.16 10:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006.09.11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
MOD - [2011.10.05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.04.20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2010.01.12 03:45:36 | 000,245,760 | ---- | M] () -- C:\Programme\Synology Data Replicator  3\SynoDrService.exe
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2007.11.01 13:36:58 | 000,245,760 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] --  -- (enomicsrv)
SRV - File not found [On_Demand | Stopped] --  -- (crmsrv)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.10.05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011.10.05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011.10.05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.01.12 03:45:36 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology Data Replicator  3\SynoDrService.exe -- (SynoDrService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.01 14:29:14 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012.01.05 18:07:40 | 000,246,816 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.05 15:45:46 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
DRV - [2011.09.20 14:29:32 | 000,016,208 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011.09.20 14:29:30 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.10.26 11:55:24 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.10.07 09:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009.10.07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009.10.07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.03.24 18:42:51 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.12.17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.11.17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.04.14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007.10.31 10:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.08.27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.08.05 11:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.03.21 13:05:46 | 000,333,620 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2001.08.18 04:20:12 | 000,097,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mondelli.de/
IE - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1177238915-789336058-1957994488-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-839522115-1682526488-2147230659-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.mondelli.de/ [binary data]
IE - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mondelli.de/
IE - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.mondelli.de"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7
FF - prefs.js..extensions.enabledItems: it-IT@dictionaries.addons.mozilla.org:3.3.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.04.17 20:47:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.02.01 14:55:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.01 14:55:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.02.01 14:55:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.03 00:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.10 15:49:14 | 000,000,000 | ---D | M]
 
[2011.04.03 20:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Extensions
[2011.04.03 20:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2011.12.29 19:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions
[2011.01.07 08:54:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.26 16:18:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.29 19:07:52 | 000,000,000 | ---D | M] ("SecretHelper") -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}
[2011.05.02 07:59:18 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.01.17 10:43:15 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.01.19 17:35:39 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.04.30 16:17:33 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2012.02.06 13:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.06 13:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.02.03 00:04:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.06 13:21:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 20:42:46 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 20:42:46 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.04 20:42:46 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 20:42:46 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 20:42:46 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 20:42:46 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Programme\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Programme\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\Run: [EPSON SX100 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-18..\Run: [EPSON SX100 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1177238915-789336058-1957994488-1112..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1177238915-789336058-1957994488-1112..\Run: [tunebite.exe] C:\Programme\tunebite\tunebite.exe -hidden File not found
O4 - HKU\S-1-5-21-839522115-1682526488-2147230659-1003..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-839522115-1682526488-2147230659-1010..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-839522115-1682526488-2147230659-1010..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingE6993] C:\Programme\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1177238915-789336058-1957994488-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1177238915-789336058-1957994488-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1177238915-789336058-1957994488-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1682526488-2147230659-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-839522115-1682526488-2147230659-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-839522115-1682526488-2147230659-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-839522115-1682526488-2147230659-1011\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232100633390 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intermediate.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEAE2D63-0D6E-426B-A352-BE5CF7D88C2A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.16 09:09:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.12.27 13:07:45 | 000,000,000 | ---D | M] - N:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O33 - MountPoints2\{4770e470-ad79-11e0-9b7d-0017a4d57d48}\Shell - "" = AutoRun
O33 - MountPoints2\{4770e470-ad79-11e0-9b7d-0017a4d57d48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4770e470-ad79-11e0-9b7d-0017a4d57d48}\Shell\AutoRun\command - "" = F:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{7f5e9093-8997-11df-9b23-0017a4d57d48}\Shell - "" = AutoRun
O33 - MountPoints2\{7f5e9093-8997-11df-9b23-0017a4d57d48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f5e9093-8997-11df-9b23-0017a4d57d48}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{e1fcca23-0c02-11df-9b4e-0019d2579988}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Philips Device Listener - hkey= - key= - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: IMFservice - C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{6F1A8016-065F-4C94-B87B-83776247315C} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.07 16:48:57 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.02.07 15:04:40 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2012.02.06 16:09:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\OTL.exe
[2012.02.06 13:57:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Eigene Dateien\Simply Super Software
[2012.02.06 13:56:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover
[2012.02.06 13:56:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2012.02.06 13:55:54 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2012.02.06 13:55:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software
[2012.02.06 13:55:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2012.02.06 13:26:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.02.06 13:24:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.06 13:24:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.06 13:24:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.06 13:24:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.06 11:49:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\HiJackThis
[2012.02.06 11:49:03 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2012.02.04 18:25:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\SmartTools
[2012.02.04 18:25:17 | 000,000,000 | ---D | C] -- C:\Programme\SmartTools
[2012.02.03 14:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.02.03 14:03:32 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2012.02.03 13:41:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012.02.03 13:37:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2012.02.03 12:53:35 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSHFLXGD.OCX
[2012.02.03 12:19:24 | 000,598,016 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\SYNSOPOS.exe
[2012.02.03 12:19:24 | 000,017,784 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\drivers\NSynas32.sys
[2012.02.03 12:05:10 | 000,000,000 | ---D | C] -- C:\ArCon
[2012.02.03 11:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Malwarebytes
[2012.02.03 11:19:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.02.03 11:19:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.02.03 11:19:14 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.02.03 11:19:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.02.03 08:09:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2012.02.03 08:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2012.02.03 08:06:25 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2012.02.03 08:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2
[2012.02.03 06:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IObit Malware Fighter
[2012.02.03 06:30:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\IObit
[2012.02.03 06:30:37 | 000,000,000 | ---D | C] -- C:\Programme\IObit
[2012.02.03 00:02:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Recent
[2012.02.02 21:49:42 | 001,115,704 | ---- | C] (mb Software AG) -- C:\WINDOWS\System32\O2CPlayer.OCX
[2012.02.02 21:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Rondomedia
[2012.02.02 21:48:52 | 000,000,000 | ---D | C] -- C:\Programme\directx
[2012.02.02 21:43:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\mbgruppe
[2012.02.02 21:43:31 | 000,243,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar2232.dll
[2012.02.02 21:43:30 | 000,722,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB40032.DLL
[2012.02.02 21:43:28 | 000,977,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjt3032.dll
[2012.02.02 21:43:28 | 000,023,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter32.dll
[2012.02.02 21:43:27 | 000,035,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint32.dll
[2012.02.02 21:43:25 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dao350.dll
[2012.02.02 21:42:05 | 000,000,000 | ---D | C] -- C:\3DBauGarten
[2012.02.02 19:28:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\InstallShield
[2012.02.02 14:25:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\ElevatedDiagnostics
[2012.02.02 14:11:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows PowerShell 1.0
[2012.02.02 14:10:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012.02.02 13:46:03 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012.02.02 13:43:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2012.02.01 23:57:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.02.01 21:22:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.02.01 14:33:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2012.02.01 14:32:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2012
[2012.02.01 14:29:39 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2012.02.01 14:29:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
[2012.02.01 14:29:14 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012.02.01 09:48:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2012.02.01 09:48:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.02.01 09:26:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2012.02.01 09:26:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.01.28 11:40:42 | 000,000,000 | ---D | C] -- C:\Programme\Lame For Audacity
[2012.01.23 20:52:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.01.23 20:51:55 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.01.17 16:01:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Audacity
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\tmondelli.NB-001\*.tmp files -> C:\Dokumente und Einstellungen\tmondelli.NB-001\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.08 14:57:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.08 14:41:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012.02.07 16:34:51 | 000,000,352 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012.02.07 15:04:24 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2012.02.07 15:02:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.07 15:01:58 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.02.07 15:01:50 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.07 15:00:55 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.02.07 14:55:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.07 14:55:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012.02.06 15:58:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\OTL.exe
[2012.02.06 13:51:02 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.02.06 13:36:08 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\HiJackThis.lnk
[2012.02.06 13:21:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.02.06 13:21:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.02.06 13:21:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.02.06 13:21:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.02.06 13:21:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.02.06 12:22:39 | 000,521,214 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.06 12:22:39 | 000,497,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.06 12:22:39 | 000,102,840 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.06 12:22:39 | 000,085,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.06 00:13:21 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Synology Data Replicator 3-NB-001-tmondelli.job
[2012.02.03 13:13:40 | 000,000,000 | R--- | M] () -- C:\WINDOWS\hosts.20120203-133051.backup
[2012.02.03 08:09:23 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.02.03 08:09:20 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.02.03 08:07:26 | 000,001,806 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.02.02 21:50:03 | 000,008,192 | -HS- | M] () -- C:\WINDOWS\o2cLicStore.bin
[2012.02.02 21:49:42 | 001,115,704 | ---- | M] (mb Software AG) -- C:\WINDOWS\System32\O2CPlayer.OCX
[2012.02.02 21:49:02 | 000,000,503 | ---- | M] () -- C:\WINDOWS\System32\FeMakro.ini
[2012.02.02 21:49:02 | 000,000,497 | ---- | M] () -- C:\WINDOWS\System32\FeAnim.ini
[2012.02.02 21:48:43 | 000,008,184 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Eigene Dateien\cc_20120202_214757.reg
[2012.02.02 19:22:15 | 000,013,626 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Eigene Dateien\cc_20120202_192134.reg
[2012.02.02 15:09:29 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.02.02 14:26:27 | 000,026,844 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Eigene Dateien\cc_20120202_142620.reg
[2012.02.02 14:24:19 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.02.02 13:45:12 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.02.02 00:54:59 | 000,001,149 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit WINWORD.EXE.lnk
[2012.02.01 21:22:55 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2012.02.01 20:51:02 | 000,000,779 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit Picasa3.exe.lnk
[2012.02.01 20:50:47 | 000,000,931 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit googleearth.exe.lnk
[2012.02.01 20:50:06 | 000,000,674 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\iTunes.exe.lnk
[2012.02.01 20:49:25 | 000,000,727 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit SKAT.EXE.lnk
[2012.02.01 20:47:22 | 000,000,744 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\firefox.exe.lnk
[2012.02.01 15:05:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.01 14:36:36 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.02.01 14:32:13 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012.02.01 14:32:13 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012.02.01 14:29:14 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012.02.01 09:21:41 | 000,000,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~dtpyrL2JcNeZgp
[2012.02.01 09:21:41 | 000,000,200 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~dtpyrL2JcNeZgpr
[2012.02.01 09:21:37 | 000,000,336 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dtpyrL2JcNeZgp
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\tmondelli.NB-001\*.tmp files -> C:\Dokumente und Einstellungen\tmondelli.NB-001\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.06 13:56:09 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2012.02.06 13:56:09 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2012.02.06 13:56:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2012.02.06 13:56:09 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2012.02.06 11:49:05 | 000,002,453 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\HiJackThis.lnk
[2012.02.03 14:14:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012.02.03 13:30:51 | 000,000,000 | R--- | C] () -- C:\WINDOWS\hosts.20120203-133051.backup
[2012.02.03 12:19:24 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC.dll
[2012.02.03 12:19:24 | 000,038,958 | ---- | C] () -- C:\WINDOWS\System32\Syncrosoft.pkg
[2012.02.03 12:19:24 | 000,012,770 | R--- | C] () -- C:\WINDOWS\System32\MBSoft.pkg
[2012.02.03 12:19:24 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\synsopos.ini
[2012.02.03 09:54:37 | 000,000,352 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.02.03 08:09:23 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.02.03 08:09:20 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.02.03 08:09:18 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.02.03 08:07:27 | 000,001,812 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2012.02.03 08:07:26 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012.02.02 21:50:03 | 000,008,192 | -HS- | C] () -- C:\WINDOWS\o2cLicStore.bin
[2012.02.02 21:49:02 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2012.02.02 21:49:02 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2012.02.02 21:47:59 | 000,008,184 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Eigene Dateien\cc_20120202_214757.reg
[2012.02.02 21:43:25 | 000,073,184 | ---- | C] () -- C:\WINDOWS\System32\dao2535.tlb
[2012.02.02 19:21:37 | 000,013,626 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Eigene Dateien\cc_20120202_192134.reg
[2012.02.02 14:26:23 | 000,026,844 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Eigene Dateien\cc_20120202_142620.reg
[2012.02.02 14:24:19 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.02.02 13:50:04 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.02.02 13:45:12 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.02.02 13:43:39 | 000,001,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk
[2012.02.02 00:54:59 | 000,001,149 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit WINWORD.EXE.lnk
[2012.02.01 21:22:55 | 000,000,079 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2012.02.01 20:51:02 | 000,000,779 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit Picasa3.exe.lnk
[2012.02.01 20:50:47 | 000,000,931 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit googleearth.exe.lnk
[2012.02.01 20:50:06 | 000,000,674 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\iTunes.exe.lnk
[2012.02.01 20:49:25 | 000,000,727 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\Verknüpfung mit SKAT.EXE.lnk
[2012.02.01 20:47:22 | 000,000,744 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\firefox.exe.lnk
[2012.02.01 14:36:30 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.02.01 14:32:13 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012.02.01 14:32:13 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012.02.01 09:21:41 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~dtpyrL2JcNeZgp
[2012.02.01 09:21:41 | 000,000,200 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~dtpyrL2JcNeZgpr
[2012.02.01 09:21:37 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dtpyrL2JcNeZgp
[2011.11.30 08:54:37 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2011.11.30 08:54:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2011.05.28 01:34:29 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\MSBII.dll
[2011.05.28 01:28:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\WKAuxil.dll
[2011.05.28 01:28:17 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2011.05.28 01:28:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2011.05.28 01:28:10 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2011.05.28 01:28:09 | 003,782,416 | ---- | C] () -- C:\WINDOWS\System32\mso97.dll
[2011.04.17 08:37:09 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011.02.01 20:51:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\rx_image.Cache
[2011.01.06 10:21:06 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.13 13:39:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2010.03.20 10:58:11 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.03.20 10:58:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.03.20 10:58:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.03.20 10:58:11 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.03.20 10:58:11 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.03.20 10:58:11 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.03.20 10:58:11 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.03.20 10:58:11 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.03.20 10:58:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.03.20 10:58:11 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.03.20 10:58:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.03.20 10:58:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.03.20 10:58:11 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.03.20 10:58:11 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.03.20 10:58:11 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.03.20 10:58:11 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.03.20 10:58:11 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.03.20 10:58:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.03.20 10:58:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.03.20 10:53:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESX100DEFGIPS.ini
[2010.02.03 15:25:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.12.06 23:59:51 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.12.01 13:58:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.11.30 09:46:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.10.29 18:17:21 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.09.25 17:50:43 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.07.23 08:17:03 | 000,085,928 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.06.11 11:42:52 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.03.25 18:42:15 | 000,115,020 | ---- | C] () -- C:\WINDOWS\GXTranscoder v2 Uninstaller.exe
[2009.03.12 22:01:33 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.09 13:16:51 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.02.23 11:05:25 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.02.23 11:05:25 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.02.22 19:53:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.01.30 14:26:27 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.27 15:25:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
[2009.01.27 15:25:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.01.17 15:51:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2009.01.16 20:45:28 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009.01.16 17:51:26 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.01.16 14:37:40 | 000,040,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2009.01.16 14:09:04 | 000,004,550 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009.01.16 10:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.01.16 09:29:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.01.16 09:12:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.01.16 09:06:41 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.01.16 09:00:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.01.16 08:59:42 | 000,462,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007.01.26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007.01.26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005.03.29 16:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.03.29 16:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 11:00:00 | 000,521,214 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 11:00:00 | 000,497,246 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 11:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 11:00:00 | 000,102,840 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 11:00:00 | 000,085,730 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 11:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.02.01 14:33:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Kaspersky Lab
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.27 12:14:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Adobe
[2011.11.23 15:46:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Apple Computer
[2011.11.30 15:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Ashampoo
[2012.01.28 18:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Audacity
[2011.03.07 18:02:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\avidemux
[2011.03.07 17:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\AVS4YOU
[2011.10.27 17:31:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\DAEMON Tools Lite
[2011.11.29 20:13:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\DivX
[2011.12.08 16:08:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\DVD Flick
[2012.01.27 09:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\dvdcss
[2012.02.02 14:25:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\ElevatedDiagnostics
[2011.03.16 08:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\elsterformular
[2011.07.11 14:33:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\EPSON
[2011.03.16 10:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Freeze Tag
[2011.05.15 14:38:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Google
[2011.09.10 06:38:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\gtk-2.0
[2011.01.05 16:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\HCM Updater
[2011.01.12 16:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Help
[2010.01.28 12:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Identities
[2011.07.19 18:34:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Imaxel
[2012.02.02 19:28:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\InstallShield
[2009.01.17 13:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Intel
[2012.02.03 06:30:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\IObit
[2011.01.05 16:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Leadertech
[2011.05.02 14:33:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Macromedia
[2011.11.30 06:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\MAGIX
[2012.02.03 11:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Malwarebytes
[2011.05.12 16:02:45 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft
[2011.05.20 20:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\mkvtoolnix
[2011.01.05 16:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla
[2011.02.02 13:06:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mp3tag
[2011.02.03 16:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Notepad++
[2011.05.03 16:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\OpenOffice.org
[2011.04.04 06:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Philips
[2011.04.03 20:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Philips-Songbird
[2011.02.04 10:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\QuickStoresToolbar
[2011.02.01 20:51:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Roxio
[2011.05.07 10:27:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\ScreeNet iSaver
[2012.02.06 13:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software
[2011.07.31 14:31:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Skype
[2011.04.17 08:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Songbird2
[2011.11.29 20:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon
[2011.01.05 17:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Sun
[2011.07.07 09:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\TuneAid
[2011.05.20 19:54:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\uTorrent
[2011.10.16 15:50:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Video DVD Maker FREE
[2012.01.20 19:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\vlc
[2011.07.21 09:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\WindSolutions
[2011.01.14 17:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.11.29 19:57:12 | 000,029,184 | R--- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{106F886B-A874-43DF-BCC4-01DB57E1F3C6}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe
[2012.02.06 11:49:07 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.01.05 18:33:33 | 000,004,846 | R--- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{B1E9B7ED-8187-433a-9EAE-20DF1A8968B1}\_5ef25dbe.exe
[2011.12.20 10:22:52 | 000,118,744 | ---- | M] (INDIAPPS) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\libraries32\SeHExeComServer.exe
[2011.12.20 10:22:52 | 000,138,712 | ---- | M] (INDIAPPS) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\extensions\{eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c58}\libraries64\SeHExeComServer.exe
[2010.05.28 10:22:44 | 000,375,296 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Philips-Songbird\Profiles\yvqdztj4.default\extensions\philips-branding@philips.com\chrome\content\autolauncher\PhilipsDeviceListener.exe
[2010.05.28 10:22:44 | 000,062,464 | ---- | M] (Philips) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Philips-Songbird\Profiles\yvqdztj4.default\extensions\philips-branding@philips.com\chrome\content\autolauncher\RunNonElevated32.exe
[2010.05.28 10:22:44 | 000,063,488 | ---- | M] (Philips) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Philips-Songbird\Profiles\yvqdztj4.default\extensions\philips-branding@philips.com\chrome\content\autolauncher\RunNonElevated64.exe
[2010.05.10 01:27:46 | 000,102,400 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Philips-Songbird\Profiles\yvqdztj4.default\extensions\philips-branding@philips.com\payload\gogear@songbirdnest.com\platform\WINNT_x86-msvc\lib\sbACMEFirmwareRPCServer.exe
[2011.02.03 23:00:43 | 000,704,248 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\QuickStoresToolbar\unins000.exe
[2010.03.31 12:17:06 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\QuickStoresToolbar\Update.exe
[2010.07.05 14:30:36 | 003,687,344 | ---- | M] (Simply Super Software) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software\Trojan Remover\ier8.exe
[2010.07.05 14:30:36 | 003,687,344 | ---- | M] (Simply Super Software) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software\Trojan Remover\jcq63.exe
[2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe
[2011.07.21 09:26:28 | 002,500,632 | ---- | M] (WindSolutions) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2011.07.21 09:26:41 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 11:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Programme\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\EventLog\EventLog.dll
[2010.03.05 10:25:58 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=5DC962B15A2057814728D2BDE118BE07 -- C:\Programme\Panasonic\PHOTOfunSTUDIO 5.1 HD\Core\Spec\AVCHD\BDCore\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2006.05.11 17:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys
[2006.05.11 17:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2006.03.17 01:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.03.24 18:42:51 | 000,715,248 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2009.01.16 09:59:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.01.16 09:59:07 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.01.16 09:59:07 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB21358$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:0B174FAE
@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:CB0AACC9

< End of report >

Regards, Thomas

cosinus 08.02.2012 15:28

Quote:

[C:\WINDOWS\$NtUninstallKB21358$] -> Error: Cannot create file handle -> Unknown point type
You obviously have a ZeroAccess on there, and that one is always unpleasant. :(
To be on the safe side I would first recommend a data backup, and that you prepare yourself for a complete reinstallation of Windows, because ZA cannot always be removed by cleaning!

On the subject of backing up infected systems: do it from a live CD such as Knoppix, Ubuntu (second link in my signature) or PartedMagic. Reason: with a live system none of the malware from the infected Windows system is active, so any negative influence on the backup by malware is ruled out.

Of course you also need a backup medium; an external drive is probably best. If you don't have too much to back up, a USB stick can also be enough.

Here is a short guide to PartedMagic; in principle it works almost the same way with all other live systems.

1. Download the PartedMagic ISO image, it should be around 180 MB
2. Burn it to CD using an image-burning function, e.g. with ImgBurn under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up

http://partedmagic.com/lib/exe/fetch...ia=desktop.png

4. You should find an icon "Mount Devices", double-click it
5. Mount the partitions where Windows is installed, usually that is /dev/sda1, and of course any other partitions that hold data that needs to be backed up, and naturally those of the external drive as well (you only get read and write access to the file systems once they are mounted)
6. Copy the data from the internal drive to the external drive; copy only personal files, music, videos, etc. to the backup drive, NO executable files such as programs/games/setups!!
7. When finished, restart the computer, disconnect the external drive and boot from the Windows DVD for the reinstallation (follow the guide)


Once you are sure that you have also backed up your data under Linux, run Combofix:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
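The two technical steps in the reply above, checking the $NtUninstallKB...$ folder that OTL could not open, and copying personal data out from a live CD without taking executables along, as one shell script. This is an added example, not code from the thread, from PartedMagic or from any of the tools named here. It assumes the Windows volume is mounted read-only at /mnt/win and the backup disk at /mnt/backup (the device names /dev/sda1 and /dev/sdb1 are placeholders to check with `fdisk -l`), it treats the folder layout that the ComboFix deletion list further down shows (an all-digit subfolder holding `@`, `U\`, `L\`, `cfg.ini` and `Desktop.ini`) as the ZeroAccess indicator, and the list of extensions it skips is its own choice, since the post only says "no executables".

```shell
#!/bin/sh
# Added example for the live-CD step above (not code from the thread or from PartedMagic).
# Run it from a Linux live CD after mounting the Windows volume read-only, e.g.
#   mkdir -p /mnt/win /mnt/backup
#   ntfs-3g -o ro /dev/sda1 /mnt/win       # /dev/sda1 is an assumption, check with fdisk -l
#   mount /dev/sdb1 /mnt/backup            # external disk, device name is an assumption
# Read-only mounting matters: nothing on the infected volume runs, and nothing on it is modified.
set -eu

# Layout the ComboFix deletion list in this thread shows under c:\windows\$NtUninstallKB21358$:
# an all-digit subfolder holding '@', 'U\', 'L\', cfg.ini and Desktop.ini. Treating that set as a
# ZeroAccess indicator is this example's assumption; a hotfix uninstall folder created by
# Windows Update holds spuninst\spuninst.exe and backed-up system files instead.
za_marker_count() {            # $1 = one $NtUninstall...$ directory; prints the number of markers seen
  n=0
  for sub in "$1"/*/; do
    [ -d "$sub" ] || continue
    case "$(basename "$sub")" in *[!0-9]*) continue ;; esac   # only all-digit subfolders count
    for marker in "@" "U" "L" "cfg.ini" "Desktop.ini"; do
      if [ -e "$sub/$marker" ]; then n=$((n + 1)); fi
    done
  done
  echo "$n"
}

scan_ntuninstall_dirs() {      # $1 = mounted WINDOWS directory; prints one line per uninstall folder
  for d in "$1"/'$NtUninstall'*'$'; do
    [ -d "$d" ] || continue
    n=$(za_marker_count "$d")
    if [ "$n" -ge 3 ]; then
      printf 'SUSPECT  %s  (%s ZeroAccess-style markers)\n' "$d" "$n"
    elif [ -d "$d/spuninst" ]; then
      printf 'hotfix   %s\n' "$d"
    else
      printf 'unknown  %s\n' "$d"
    fi
  done
}

# Extensions treated as "executable" and left out of the backup (assumption; the post names none).
is_executable_name() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    *.exe|*.msi|*.dll|*.scr|*.com|*.bat|*.cmd|*.pif|*.vbs|*.js|*.jar|*.lnk) return 0 ;;
    *) return 1 ;;
  esac
}

backup_user_data() {           # $1 = source folder (e.g. the user's "Eigene Dateien"), $2 = backup folder
  src="$1"; dst="$2"
  mkdir -p "$dst"
  # Plain files only: junctions and symlinks on the infected volume are never followed.
  find "$src" -type f | while IFS= read -r f; do
    rel="${f#"$src"/}"
    if is_executable_name "$f"; then
      printf 'skip  %s\n' "$rel"
      continue
    fi
    mkdir -p "$dst/$(dirname "$rel")"
    cp -p "$f" "$dst/$rel"       # -p keeps timestamps, useful if the data is examined later
    printf 'copy  %s\n' "$rel"
  done
}

# Usage (paths as mounted above; the profile name is the one that appears in this thread):
#   scan_ntuninstall_dirs /mnt/win/WINDOWS
#   backup_user_data "/mnt/win/Dokumente und Einstellungen/tmondelli.NB-001/Eigene Dateien" /mnt/backup/tmondelli
```

The scan only classifies folders; it does not delete anything, and removal stays with the helper's ComboFix run as the reply says. The read-only mount is what makes the live-CD approach safe: the rootkit's driver is never loaded, and the infected volume is not written to while the backup runs.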

struppyx 08.02.2012 18:06

So ComboFix has finished, and here is the result:
Code:

ComboFix 12-02-08.01 - tmondelli 08.02.2012  17:31:35.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2039.1328 [GMT 1:00]
Running from:: c:\dokumente und einstellungen\tmondelli.NB-001\Desktop\Tahoma.exe
AV: G DATA AVK Client *Enabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\~dtpyrL2JcNeZgp
c:\dokumente und einstellungen\All Users\Anwendungsdaten\~dtpyrL2JcNeZgpr
c:\dokumente und einstellungen\All Users\Anwendungsdaten\dtpyrL2JcNeZgp
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\dokumente und einstellungen\tmondelli.NB-001\WINDOWS
c:\dokumente und einstellungen\tmondelli\WINDOWS
c:\windows\$NtUninstallKB21358$
c:\windows\$NtUninstallKB21358$\2264678617
c:\windows\$NtUninstallKB21358$\547713995\@
c:\windows\$NtUninstallKB21358$\547713995\cfg.ini
c:\windows\$NtUninstallKB21358$\547713995\Desktop.ini
c:\windows\$NtUninstallKB21358$\547713995\L\tkmqbzom
c:\windows\$NtUninstallKB21358$\547713995\U\00000001.@
c:\windows\$NtUninstallKB21358$\547713995\U\00000002.@
c:\windows\$NtUninstallKB21358$\547713995\U\00000004.@
c:\windows\$NtUninstallKB21358$\547713995\U\80000000.@
c:\windows\$NtUninstallKB21358$\547713995\U\80000004.@
c:\windows\$NtUninstallKB21358$\547713995\U\80000032.@
c:\windows\$NtUninstallKB21358$\547713995\version
c:\windows\IsUn0407.exe
c:\windows\system32\SET212.tmp
c:\windows\system32\SET21E.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
.
.
(((((((((((((((((((((((  Files Created from 2012-01-08 to 2012-02-08  ))))))))))))))))))))))))))))))
.
.
2012-02-08 07:25 . 2012-01-05 19:19        6557240        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{641BF9A3-E6B2-4B9F-AF92-F8312D64D49B}\mpengine.dll
2012-02-07 15:48 . 2012-02-07 15:48        --------        d-----w-        c:\programme\ESET
2012-02-07 14:04 . 2012-02-07 14:04        --------        d-----w-        C:\ProcAlyzer Dumps
2012-02-06 12:56 . 2006-06-19 12:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2012-02-06 12:56 . 2006-05-25 14:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2012-02-06 12:56 . 2005-08-26 00:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2012-02-06 12:56 . 2003-02-02 19:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2012-02-06 12:56 . 2002-03-06 00:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2012-02-06 12:55 . 2012-02-06 12:59        --------        d-----w-        c:\programme\Trojan Remover
2012-02-06 12:55 . 2012-02-06 12:55        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software
2012-02-06 12:55 . 2012-02-06 12:55        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Simply Super Software
2012-02-06 12:26 . 2012-02-06 12:26        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2012-02-06 12:24 . 2012-02-06 12:21        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-02-06 10:49 . 2012-02-06 10:49        388096        ----a-r-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 10:49 . 2012-02-06 10:49        --------        d-----w-        c:\programme\Trend Micro
2012-02-04 17:25 . 2012-02-04 17:25        --------        d-----w-        c:\programme\SmartTools
2012-02-03 13:41 . 2012-02-03 13:41        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-03 13:31 . 2012-01-05 19:19        6557240        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 13:14 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-03 13:03 . 2012-02-03 15:14        --------        d-----w-        c:\programme\Spyware Terminator
2012-02-03 12:41 . 2012-02-03 12:41        --------        d-----w-        c:\windows\Logs
2012-02-03 12:37 . 2012-02-03 12:37        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\PackageAware
2012-02-03 11:53 . 1998-06-23 23:00        407104        ----a-w-        c:\windows\system32\MSHFLXGD.OCX
2012-02-03 11:19 . 2002-06-02 15:29        73216        ----a-w-        c:\windows\system32\SYNSOACC.dll
2012-02-03 11:19 . 2002-02-13 12:23        598016        ----a-w-        c:\windows\system32\SYNSOPOS.exe
2012-02-03 11:19 . 2001-04-09 19:03        17784        ----a-w-        c:\windows\system32\drivers\NSynas32.sys
2012-02-03 11:05 . 2012-02-03 13:33        --------        d-----w-        C:\ArCon
2012-02-03 10:20 . 2012-02-03 10:20        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2012-02-03 10:19        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-03 10:19 . 2012-02-03 10:19        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-02-03 07:09 . 2012-02-08 16:26        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-03 07:06 . 2009-01-25 12:14        15224        ----a-w-        c:\windows\system32\sdnclean.exe
2012-02-03 07:06 . 2012-02-03 11:50        --------        d-----w-        c:\programme\Spybot - Search & Destroy 2
2012-02-03 05:30 . 2012-02-03 05:30        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\IObit
2012-02-03 05:30 . 2012-02-03 05:30        --------        d-----w-        c:\programme\IObit
2012-02-02 20:50 . 2012-02-02 20:50        8192        --sha-w-        c:\windows\o2cLicStore.bin
2012-02-02 20:49 . 2012-02-02 20:49        1115704        ----a-w-        c:\windows\system32\O2CPlayer.OCX
2012-02-02 20:48 . 2012-02-02 20:48        --------        d-----w-        c:\programme\directx
2012-02-02 20:43 . 2012-02-02 20:43        --------        d-----w-        c:\windows\mbgruppe
2012-02-02 20:43 . 1995-09-24 11:02        243472        ------w-        c:\windows\system32\vbar2232.dll
2012-02-02 20:43 . 1996-01-12 00:00        722192        ------w-        c:\windows\system32\VB40032.DLL
2012-02-02 20:43 . 1995-09-20 16:16        23824        ------w-        c:\windows\system32\msjter32.dll
2012-02-02 20:43 . 1995-09-20 16:13        977680        ------w-        c:\windows\system32\msjt3032.dll
2012-02-02 20:43 . 1995-09-20 16:16        35088        ------w-        c:\windows\system32\msjint32.dll
2012-02-02 20:43 . 1996-12-02 18:44        582144        ------w-        c:\windows\system32\dao350.dll
2012-02-02 20:42 . 2012-02-03 12:33        --------        d-----w-        C:\3DBauGarten
2012-02-02 18:28 . 2012-02-02 18:28        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\InstallShield
2012-02-02 13:25 . 2012-02-02 13:25        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\ElevatedDiagnostics
2012-02-02 12:46 . 2012-01-26 23:21        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-02 12:43 . 2012-02-02 12:45        --------        d-----w-        c:\programme\Microsoft Security Client
2012-02-01 23:02 . 2012-02-01 23:02        --------        d--h--w-        c:\windows\msdownld.tmp
2012-02-01 22:57 . 2012-02-01 22:59        --------        dc-h--w-        c:\windows\ie8
2012-02-01 13:32 . 2012-02-01 13:32        97961        ----a-w-        c:\windows\system32\drivers\klick.dat
2012-02-01 13:32 . 2012-02-01 13:32        115369        ----a-w-        c:\windows\system32\drivers\klin.dat
2012-02-01 13:29 . 2012-02-08 16:47        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2012-02-01 13:29 . 2012-02-01 13:29        --------        d-----w-        c:\programme\Kaspersky Lab
2012-02-01 13:23 . 2012-02-01 13:24        --------        d-----w-        C:\kleaner.tmp
2012-02-01 09:31 . 2012-02-01 09:31        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Favoriten
2012-02-01 08:48 . 2012-02-01 08:48        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-01-28 10:40 . 2012-01-28 10:40        --------        d-----w-        c:\programme\Lame For Audacity
2012-01-23 19:51 . 2012-01-23 19:51        --------        d-----w-        c:\programme\iPod
2012-01-17 15:01 . 2012-01-28 17:04        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-06 12:21 . 2011-02-28 16:44        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-12-05 12:31 . 2011-06-06 13:21        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 18:57 . 2011-11-29 18:57        29184        ----a-r-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{106F886B-A874-43DF-BCC4-01DB57E1F3C6}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe
2011-11-25 21:57 . 2004-08-04 10:00        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 10:00        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 10:00        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00        152064        ----a-w-        c:\windows\system32\schannel.dll
2012-02-02 23:04 . 2011-04-30 19:32        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59        269824        ----a-w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2009-06-08 1160192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\programme\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TrojanScanner"="c:\programme\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45        63712        ----a-w-        c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-01-25 08:48        380416        ----a-w-        c:\programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Programme\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Programme\\Synology Data Replicator  3\\Backup.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Programme\\Synology Download Redirector\\Redirector.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.03.2009 18:42 715248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\programme\Spybot - Search & Destroy 2\SDHookDrv32.sys [03.02.2012 08:06 38504]
R2 IMFservice;IMF Service;c:\programme\IObit\IObit Malware Fighter\IMFsrv.exe [03.02.2012 06:30 821592]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [03.02.2012 11:19 652360]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\programme\Spybot - Search & Destroy 2\SDHookSvc.exe [03.02.2012 08:06 130976]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [03.02.2012 08:06 955816]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe [22.11.2011 09:59 18432]
R2 SynoDrService;SynoDrService;c:\programme\Synology Data Replicator  3\SynoDrService.exe [12.01.2010 03:45 245760]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.02.2012 11:19 20464]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S2 gupdate1c9cc19a2b7bc2e;Google Update Service (gupdate1c9cc19a2b7bc2e);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 crmsrv;INTERMEDIATE enomic Intern Server;"c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe [?]
S3 enomicsrv;Intermediate ENOMIC Server;"c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 RegFilter;RegFilter;c:\programme\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [03.02.2012 06:30 30368]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [03.02.2012 08:06 892336]
S3 UrlFilter;UrlFilter;c:\programme\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [03.02.2012 06:30 16208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
S4 FileMonitor;FileMonitor;c:\programme\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [03.02.2012 06:30 246816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32        8192        ----a-w-        c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-08 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-03 14:46]
.
2012-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 13:26]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2012-02-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-03 14:46]
.
2012-02-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2012-02-03 14:46]
.
2012-02-05 c:\windows\Tasks\Synology Data Replicator 3-NB-001-tmondelli.job
- c:\programme\Synology Data Replicator  3\Backup.exe [2010-09-15 09:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mondelli.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\
FF - prefs.js: browser.startup.homepage - www.mondelli.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Ulead PhotoImpact 5.0 - c:\windows\ISUn0407.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-08 17:48
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1496)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\MPRUI.dll
c:\windows\system32\netmsg.dll
.
- - - - - - - > 'lsass.exe'(1552)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'explorer.exe'(2596)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Hewlett-Packard\Shared\HpqToaster.exe
c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-08  17:53:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-08 16:53
.
Vor Suchlauf: 8.406.245.376 Bytes frei
Nach Suchlauf: 8.927.399.936 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 17C8B1E275A1832F07F0DB501B839495

What do you think, did we manage to throw the culprit overboard?

Regards, Thomas

cosinus 09.02.2012 11:29

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Dirlook::
c:\windows\mbgruppe

Filelook::
c:\windows\system32\drivers\NSynas32.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"86:TCP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"=-

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
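Why the helper's script targets exactly those three registry values: the `GloballyOpenPorts\List` key lists ports the Windows XP firewall accepts from any source, and `AllowInboundEchoRequest` makes the machine answer pings. Here is an added example, written for this page and not part of the thread or of ComboFix, that parses those two blocks out of a ComboFix-style log and reports what is exposed. The sample input is constructed to match the layout of the log above (the key names are the real XP firewall policy keys; the port list is what the thread's log shows); the risk labels are the example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input, modelled on the ComboFix output in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # [HKLM\...\Key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "name"= data
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<desc>.*)$')

# Assumed risk labels for ports that should rarely be open to every source.
HIGH_RISK_PORTS = {3389: 'Remote Desktop (RDP)', 23: 'Telnet',
                   445: 'SMB', 139: 'NetBIOS session'}


def parse_registry_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Group the REGEDIT-like lines of a ComboFix log into key -> {name: data}."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with "."
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group('key')
            blocks.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            blocks[current][value_match.group('name')] = value_match.group('data').strip()
    return blocks


def open_ports(blocks: Dict[str, Dict[str, str]]) -> List[Tuple[int, str, str]]:
    """Return (port, protocol, description) for every globally opened firewall port."""
    found = []
    for key, values in blocks.items():
        if key.lower().endswith('globallyopenports\\list'):
            for data in values.values():
                m = PORT_RE.match(data)
                if m:
                    found.append((int(m.group('port')), m.group('proto'), m.group('desc')))
    return found


def inbound_echo_allowed(blocks: Dict[str, Dict[str, str]]) -> bool:
    """True when the firewall profile answers inbound ICMP echo requests."""
    for key, values in blocks.items():
        if key.lower().endswith('icmpsettings'):
            return values.get('AllowInboundEchoRequest', '').startswith('1')
    return False


def audit(text: str) -> List[str]:
    """Produce human-readable findings for the firewall-policy blocks of a log."""
    blocks = parse_registry_blocks(text)
    findings = []
    for port, proto, desc in open_ports(blocks):
        label = HIGH_RISK_PORTS.get(port)
        if label:
            findings.append(f'HIGH: {port}/{proto} ({label}) is open to all sources: {desc}')
        else:
            findings.append(f'REVIEW: {port}/{proto} is open to all sources: {desc}')
    if inbound_echo_allowed(blocks):
        findings.append('INFO: inbound ICMP echo (ping) requests are allowed')
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against a real ComboFix log, the same three findings a helper reads off by eye appear as a list; on a home laptop an RDP port opened to every source is what a reviewer would want to see and question first.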

struppyx 09.02.2012 20:04

Hello Arne,

first of all, many thanks for your efforts and for working through all the logs. I think it's great how you all make your knowledge and time available to us. :daumenhoc

Here is the log:

Code:

ComboFix 12-02-08.01 - tmondelli 09.02.2012  19:29:55.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2039.1304 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\tmondelli.NB-001\Desktop\Tahoma.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\tmondelli.NB-001\Desktop\CFScript.txt
AV: G DATA AVK Client *Enabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-09 bis 2012-02-09  ))))))))))))))))))))))))))))))
.
.
2012-02-09 11:05 . 2012-01-05 19:19        6557240        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{8A2714AE-C847-4906-B4B7-A19421E474BA}\mpengine.dll
2012-02-07 15:48 . 2012-02-07 15:48        --------        d-----w-        c:\programme\ESET
2012-02-07 14:04 . 2012-02-07 14:04        --------        d-----w-        C:\ProcAlyzer Dumps
2012-02-06 12:55 . 2012-02-06 12:55        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software
2012-02-06 12:26 . 2012-02-06 12:26        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2012-02-06 12:24 . 2012-02-06 12:21        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-02-06 10:49 . 2012-02-06 10:49        388096        ----a-r-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 10:49 . 2012-02-06 10:49        --------        d-----w-        c:\programme\Trend Micro
2012-02-04 17:25 . 2012-02-04 17:25        --------        d-----w-        c:\programme\SmartTools
2012-02-03 13:41 . 2012-02-03 13:41        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-03 13:31 . 2012-01-05 19:19        6557240        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 13:14 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-03 13:03 . 2012-02-03 15:14        --------        d-----w-        c:\programme\Spyware Terminator
2012-02-03 12:41 . 2012-02-03 12:41        --------        d-----w-        c:\windows\Logs
2012-02-03 12:37 . 2012-02-03 12:37        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\PackageAware
2012-02-03 11:53 . 1998-06-23 23:00        407104        ----a-w-        c:\windows\system32\MSHFLXGD.OCX
2012-02-03 11:19 . 2002-06-02 15:29        73216        ----a-w-        c:\windows\system32\SYNSOACC.dll
2012-02-03 11:19 . 2002-02-13 12:23        598016        ----a-w-        c:\windows\system32\SYNSOPOS.exe
2012-02-03 11:19 . 2001-04-09 19:03        17784        ----a-w-        c:\windows\system32\drivers\NSynas32.sys
2012-02-03 11:05 . 2012-02-03 13:33        --------        d-----w-        C:\ArCon
2012-02-03 10:20 . 2012-02-03 10:20        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2012-02-03 10:19        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-03 10:19 . 2012-02-03 10:19        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-02-03 07:09 . 2012-02-09 10:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-03 07:06 . 2009-01-25 12:14        15224        ----a-w-        c:\windows\system32\sdnclean.exe
2012-02-03 07:06 . 2012-02-03 11:50        --------        d-----w-        c:\programme\Spybot - Search & Destroy 2
2012-02-03 05:30 . 2012-02-03 05:30        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\IObit
2012-02-03 05:30 . 2012-02-03 05:30        --------        d-----w-        c:\programme\IObit
2012-02-02 20:50 . 2012-02-02 20:50        8192        --sha-w-        c:\windows\o2cLicStore.bin
2012-02-02 20:49 . 2012-02-02 20:49        1115704        ----a-w-        c:\windows\system32\O2CPlayer.OCX
2012-02-02 20:48 . 2012-02-02 20:48        --------        d-----w-        c:\programme\directx
2012-02-02 20:43 . 2012-02-02 20:43        --------        d-----w-        c:\windows\mbgruppe
2012-02-02 20:43 . 1995-09-24 11:02        243472        ------w-        c:\windows\system32\vbar2232.dll
2012-02-02 20:43 . 1996-01-12 00:00        722192        ------w-        c:\windows\system32\VB40032.DLL
2012-02-02 20:43 . 1995-09-20 16:16        23824        ------w-        c:\windows\system32\msjter32.dll
2012-02-02 20:43 . 1995-09-20 16:13        977680        ------w-        c:\windows\system32\msjt3032.dll
2012-02-02 20:43 . 1995-09-20 16:16        35088        ------w-        c:\windows\system32\msjint32.dll
2012-02-02 20:43 . 1996-12-02 18:44        582144        ------w-        c:\windows\system32\dao350.dll
2012-02-02 20:42 . 2012-02-03 12:33        --------        d-----w-        C:\3DBauGarten
2012-02-02 18:28 . 2012-02-02 18:28        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\InstallShield
2012-02-02 13:25 . 2012-02-02 13:25        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\ElevatedDiagnostics
2012-02-02 12:46 . 2012-01-26 23:21        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-02 12:43 . 2012-02-02 12:45        --------        d-----w-        c:\programme\Microsoft Security Client
2012-02-01 23:02 . 2012-02-01 23:02        --------        d--h--w-        c:\windows\msdownld.tmp
2012-02-01 22:57 . 2012-02-01 22:59        --------        dc-h--w-        c:\windows\ie8
2012-02-01 13:32 . 2012-02-01 13:32        97961        ----a-w-        c:\windows\system32\drivers\klick.dat
2012-02-01 13:32 . 2012-02-01 13:32        115369        ----a-w-        c:\windows\system32\drivers\klin.dat
2012-02-01 13:29 . 2012-02-09 18:45        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2012-02-01 13:29 . 2012-02-01 13:29        --------        d-----w-        c:\programme\Kaspersky Lab
2012-02-01 13:23 . 2012-02-01 13:24        --------        d-----w-        C:\kleaner.tmp
2012-02-01 09:31 . 2012-02-01 09:31        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Favoriten
2012-02-01 08:48 . 2012-02-01 08:48        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-01-28 10:40 . 2012-01-28 10:40        --------        d-----w-        c:\programme\Lame For Audacity
2012-01-23 19:51 . 2012-01-23 19:51        --------        d-----w-        c:\programme\iPod
2012-01-17 15:01 . 2012-01-28 17:04        --------        d-----w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-06 12:21 . 2011-02-28 16:44        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-12-05 12:31 . 2011-06-06 13:21        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 18:57 . 2011-11-29 18:57        29184        ----a-r-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{106F886B-A874-43DF-BCC4-01DB57E1F3C6}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe
2011-11-25 21:57 . 2004-08-04 10:00        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 10:00        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 10:00        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00        152064        ----a-w-        c:\windows\system32\schannel.dll
2012-02-02 23:04 . 2011-04-30 19:32        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\NSynas32.sys ---
Company: Syncrosoft Hard- und Software GmbH
File Description: Internet Protection Hardware Driver
File Version: 1.108
Product Name: Internet Protection Hardware Driver
Copyright: © Syncrosoft Hard- und Software GmbH 1999
Original Filename: NSynas32.sys
File size: 17784
Created time: 2012-02-03 11:19
Modified time: 2001-04-09 19:03
MD5: 4B4A21E158C039EE0888741BFE1D24E0
SHA1: C58404C9C59D851C1239AFF58F45A70F952E8ABE
.
---- Directory of c:\windows\mbgruppe ----
.
2012-02-02 20:43 . 2002-05-02 16:36        126976        ----a-w-        c:\windows\mbgruppe\mbUtil.dll
2012-02-02 20:43 . 2002-04-05 12:33        45056        ----a-w-        c:\windows\mbgruppe\mbHLink.ocx
2012-02-02 20:43 . 2001-12-18 15:58        319488        ----a-w-        c:\windows\mbgruppe\mbdbjet.dll
2012-02-02 20:43 . 2000-10-31 11:11        90112        ----a-w-        c:\windows\mbgruppe\mbctrl.ocx
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59        269824        ----a-w-        c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2009-06-08 1160192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\programme\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"EPSON SX100 Series (Kopie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45        63712        ----a-w-        c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-01-25 08:48        380416        ----a-w-        c:\programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Programme\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Programme\\Synology Data Replicator  3\\Backup.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Programme\\Synology Download Redirector\\Redirector.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.03.2009 18:42 715248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\programme\Spybot - Search & Destroy 2\SDHookDrv32.sys [03.02.2012 08:06 38504]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [03.02.2012 11:19 652360]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\programme\Spybot - Search & Destroy 2\SDHookSvc.exe [03.02.2012 08:06 130976]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe [22.11.2011 09:59 18432]
R2 SynoDrService;SynoDrService;c:\programme\Synology Data Replicator  3\SynoDrService.exe [12.01.2010 03:45 245760]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.02.2012 11:19 20464]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S2 gupdate1c9cc19a2b7bc2e;Google Update Service (gupdate1c9cc19a2b7bc2e);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 crmsrv;INTERMEDIATE enomic Intern Server;"c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe [?]
S3 enomicsrv;Intermediate ENOMIC Server;"c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [03.02.2012 08:06 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [03.02.2012 08:06 955816]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32        8192        ----a-w-        c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-03 14:46]
.
2012-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 13:26]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2012-02-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-03 14:46]
.
2012-02-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2012-02-03 14:46]
.
2012-02-08 c:\windows\Tasks\Synology Data Replicator 3-NB-001-tmondelli.job
- c:\programme\Synology Data Replicator  3\Backup.exe [2010-09-15 09:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mondelli.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\
FF - prefs.js: browser.startup.homepage - www.mondelli.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-09 19:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1492)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\MPRUI.dll
c:\windows\system32\netmsg.dll
.
- - - - - - - > 'lsass.exe'(1548)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Hewlett-Packard\Shared\HpqToaster.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-02-09  19:50:34 - PC was rebooted
ComboFix-quarantined-files.txt  2012-02-09 18:50
ComboFix2.txt  2012-02-09 11:02
ComboFix3.txt  2012-02-08 16:53
.
Before scan: 8,933,801,984 bytes free
After scan: 8,903,917,568 bytes free
.
- - End Of File - - B834760F299D2D6188B9202AC8B01AA1

ComboFix ran through without problems so far. However, at the start ComboFix complained that the G-Data AV client was still active. Unfortunately I couldn't find anything to close it with, since all the files in the G-Data directory were deleted by the virus. I have no idea which process is still running in the background. I hope this isn't a bad sign.

Regards, Thomas

cosinus 09.02.2012 21:46

Tell me, is this by any chance an office computer, or one that is otherwise used mainly for business purposes?

struppyx 09.02.2012 22:32

That used to be my home-office computer, but now I use it mostly just privately.

cosinus 10.02.2012 12:12

Quote:

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
Are Kaspersky IS and MSE really installed at the same time??
If so, that doesn't work; you should never use two virus scanners of this kind at the same time. Uninstall one of them immediately!

struppyx 10.02.2012 14:37

All right, I'll disable one of them again. From my point of view both work equally well; since Kaspersky is only a trial version anyway, I'll carry on with MSE, or do you as the expert have a different recommendation?

What still makes me uneasy is the business with the no-longer-existing G-Data client that ComboFix noticed. Does anything still need to be done about that, or can it be ignored?

Regards, Thomas

cosinus 10.02.2012 16:08

No, don't disable it, uninstall it!

struppyx 10.02.2012 17:28

OK, Kaspersky is uninstalled. Is there anything else I can do?

Regards, Thomas

cosinus 10.02.2012 19:02

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


struppyx 10.02.2012 22:01

Hello Arne,

here is the OSAM log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 10.02.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Synology Data Replicator 3-NB-001-tmondelli.job" - ? - C:\Programme\Synology Data Replicator  3\Backup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys  (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsla4b0dc35" (MpKsla4b0dc35) - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x86\Sandra.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Spybot-S&D 2 Hook Driver" (SDHookDriver) - ? - C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys  (File found, but it contains no detailed information)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys  (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} "StumbleUpon" - "StumbleUpon Inc." - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Spybot-S&D Cleaning" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - C:\WINDOWS\System32\BCMLogon.dll
"IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9cc19a2b7bc2e)" (gupdate1c9cc19a2b7bc2e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"INTERMEDIATE enomic Intern Server" (crmsrv) - ? - "C:\Programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Spybot S&D 2 Live Protection Service" (SDHookService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe  (File found, but it contains no detailed information)
"SynoDrService" (SynoDrService) - ? - C:\Programme\Synology Data Replicator  3\SynoDrService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And the aswMBR.txt:
Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 21:19:13
-----------------------------
21:19:13.734    OS Version: Windows 5.1.2600 Service Pack 3
21:19:13.734    Number of processors: 2 586 0xF06
21:19:13.734    ComputerName: NB-001  UserName:
21:19:14.109    Initialize success
21:19:18.484    AVAST engine defs: 12021000
21:19:22.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:19:22.312    Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3
21:19:22.468    Disk 0 MBR read successfully
21:19:22.468    Disk 0 MBR scan
21:19:22.500    Disk 0 Windows XP default MBR code
21:19:22.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        50011 MB offset 63
21:19:22.546    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        64459 MB offset 102422880
21:19:22.640    Disk 0 scanning sectors +234435600
21:19:22.859    Disk 0 scanning C:\WINDOWS\system32\drivers
21:19:57.281    Service scanning
21:19:57.609    Service MpKsla4b0dc35 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys **LOCKED** 32
21:19:57.656    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:19:58.187    Modules scanning
21:21:06.265    Disk 0 trace - called modules:
21:21:06.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwf.sys >>UNKNOWN [0x8a636944]<<
21:21:06.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5889c0]
21:21:06.328    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a58aa28]
21:21:06.328    5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a589030]
21:21:06.703    AVAST engine scan C:\WINDOWS
21:21:38.187    AVAST engine scan C:\WINDOWS\system32
21:33:45.000    AVAST engine scan C:\WINDOWS\system32\drivers
21:34:46.140    AVAST engine scan C:\Dokumente und Einstellungen\tmondelli.NB-001
21:42:33.421    AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:44:12.218    Scan finished successfully
21:51:55.406    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\MBR.dat"
21:51:55.421    The log file has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\aswMBR.txt"

Regards, Thomas
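A caveat worth spelling out before reading the verdicts in the OSAM log above: two drivers under the user's Temp directory, fftdqpog.sys and mbr.sys, are flagged "Hidden registry entry, rootkit activity | File not found". The GMER log posted later in this thread names the randomly named driver GMER itself loaded for that run in its header line (Driver: C:\DOKUME~1\...\Temp\fftdqpog.sys), so that entry is the rootkit scanner's own kernel driver, not an infection; likewise catchme.sys belongs to the catchme scanner that ComboFix runs (visible in the ComboFix output earlier in the thread). The Python script below is an added example and not part of this thread, of OSAM or of GMER: it parses OSAM [Drivers] lines, cross-references each flagged entry against the GMER header and a short list of known scanner drivers, and reserves an "investigate" verdict for hidden entries it cannot explain. The sample lines are copied from the logs in this thread; treating mbr.sys as a leftover scanner driver (assumed to be GMER's mbr.exe driver) is an assumption that has to be verified on the machine, which is why it only gets a "likely benign" verdict.

```python
import re
from typing import Dict, List, Optional, Tuple

# One OSAM "[Drivers]" line has the shape
#   "Display name" (ServiceName) - "Vendor" or ? - Path  (flags)
# where the trailing "(flags)" part is optional.
_OSAM_DRIVER = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<service>[^)]*)\)\s+-\s+'
    r'(?P<vendor>"[^"]*"|\?)\s+-\s+'
    r'(?P<path>.*?)(?:\s{2}\((?P<flags>[^)]*)\))?\s*$'
)

# GMER's header line names the randomly named driver it loaded for this run.
_GMER_DRIVER = re.compile(r'Driver:\s*(?P<path>\S+)', re.IGNORECASE)

# Temp-directory drivers that the scanners used in this thread leave behind.
# catchme.sys: the catchme scanner that ComboFix runs (shown in the ComboFix log).
# mbr.sys: ASSUMPTION - taken to be GMER's mbr.exe driver; verify before trusting it.
KNOWN_SCANNER_DRIVERS = {"catchme.sys", "mbr.sys"}

# Constructed sample input: a subset of lines copied from the OSAM and GMER logs
# posted in this thread.
SAMPLE_OSAM_DRIVERS = [
    r'"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys  (File not found)',
    r'"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys',
    r'"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys  (Hidden registry entry, rootkit activity | File not found)',
    r'"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)',
    r'"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)',
]
SAMPLE_GMER_HEADER = (
    r"Running: 47crshwe.exe; Driver: C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys"
)


def _basename(path: str) -> str:
    """Last path component, lower-cased, for case-insensitive comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_osam_driver(line: str) -> Optional[Dict[str, str]]:
    """Split one OSAM driver line into its fields; None if the line is not one."""
    m = _OSAM_DRIVER.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["flags"] = entry["flags"] or ""
    return entry


def gmer_driver_basename(gmer_log: str) -> Optional[str]:
    """Basename of the driver GMER reports having loaded, if the header is present."""
    m = _GMER_DRIVER.search(gmer_log)
    return _basename(m.group("path")) if m else None


def triage(osam_lines: List[str], gmer_log: str) -> List[Tuple[str, str]]:
    """Return (service name, verdict) for every OSAM driver line.

    A hidden registry entry is explained away only when its file name matches
    the driver GMER says it loaded, or a known scanner driver; anything else
    that is hidden stays on the list to be looked at.
    """
    gmer_drv = gmer_driver_basename(gmer_log)
    verdicts: List[Tuple[str, str]] = []
    for line in osam_lines:
        entry = parse_osam_driver(line)
        if entry is None:
            continue
        base = _basename(entry["path"])
        hidden = "Hidden registry entry" in entry["flags"]
        missing = "File not found" in entry["flags"]
        if hidden and base == gmer_drv:
            verdict = "benign: GMER's own driver for this run"
        elif hidden and base in KNOWN_SCANNER_DRIVERS:
            verdict = "likely benign: leftover scanner driver (verify on the host)"
        elif hidden:
            verdict = "INVESTIGATE: hidden service entry not explained by any scanner"
        elif missing:
            verdict = "stale: service entry whose file is gone"
        else:
            verdict = "present"
        verdicts.append((entry["service"], verdict))
    return verdicts


if __name__ == "__main__":
    for service, verdict in triage(SAMPLE_OSAM_DRIVERS, SAMPLE_GMER_HEADER):
        print(f"{service:12s} {verdict}")
```

The matching is deliberately done on the driver file name rather than on the service name, because GMER's service and file share the same random name and that is the only thing the two logs have in common. Entries that are hidden but not matched, or hidden entries whose file still exists on disk, are the ones that justify a closer look.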

cosinus 10.02.2012 22:18

GMER is missing. Why don't you put everything in the post as CODE? Was one of the logs too big?

struppyx 10.02.2012 22:42

GMER is still running; as soon as it's done I'll post everything together for you again.

cosinus 10.02.2012 22:57

That's fine, take your time! :daumenhoc

struppyx 11.02.2012 07:59

Good morning Arne,

now I have all the logs together:

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-11 07:52:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912082 rev.7.24
Running: 47crshwe.exe; Driver: C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys


---- System - GMER 1.0.15 ----

SSDT      spec.sys                                                                                                                                      ZwCreateKey [0xB9EAB0E0]
SSDT      spec.sys                                                                                                                                      ZwEnumerateKey [0xB9EC8CA2]
SSDT      spec.sys                                                                                                                                      ZwEnumerateValueKey [0xB9EC9030]
SSDT      spec.sys                                                                                                                                      ZwOpenKey [0xB9EAB0C0]
SSDT      spec.sys                                                                                                                                      ZwQueryKey [0xB9EC9108]
SSDT      spec.sys                                                                                                                                      ZwQueryValueKey [0xB9EC8F88]
SSDT      spec.sys                                                                                                                                      ZwSetValueKey [0xB9EC919A]

INT 0x62  ?                                                                                                                                            8A685BF8
INT 0x73  ?                                                                                                                                            8A615BF8
INT 0x73  ?                                                                                                                                            8A684BF8
INT 0x73  ?                                                                                                                                            8A615BF8
INT 0xA4  ?                                                                                                                                            8A684BF8

---- Kernel code sections - GMER 1.0.15 ----

?        spec.sys                                                                                                                                      Das System kann die angegebene Datei nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                                        B83B28AC 5 Bytes  JMP 8A6841D8

---- User code sections - GMER 1.0.15 ----

.text    C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!LoadLibraryExW + C4                                                        7C801BB9 4 Bytes  CALL 008E0001
.text    C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!CreateProcessW                                                            7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe[288] kernel32.dll!CreateProcessA                                                            7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!LoadLibraryExW + C4                                        7C801BB9 4 Bytes  CALL 00BA0001
.text    C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!CreateProcessW                                              7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[400] kernel32.dll!CreateProcessA                                              7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!LoadLibraryExW + C4                                                                      7C801BB9 4 Bytes  CALL 00F10001
.text    C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!CreateProcessW                                                                          7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Java\jre6\bin\jqs.exe[416] kernel32.dll!CreateProcessA                                                                          7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!LoadLibraryExW + C4                                                            7C801BB9 4 Bytes  CALL 00FA0001
.text    C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!CreateProcessW                                                                  7C802336 6 Bytes  JMP 71A60F5A
.text    C:\Programme\Google\Update\GoogleUpdate.exe[484] kernel32.dll!CreateProcessA                                                                  7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 00CB0001
.text    C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!CreateProcessW                                    7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[500] kernel32.dll!CreateProcessA                                    7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\Explorer.EXE[580] kernel32.dll!LoadLibraryExW + C4                                                                                7C801BB9 4 Bytes  CALL 00F00001
.text    C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessW                                                                                      7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\Explorer.EXE[580] kernel32.dll!CreateProcessA                                                                                      7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 00AF0001
.text    C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!CreateProcessW                                                7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe[584] kernel32.dll!CreateProcessA                                                7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!LoadLibraryExW + C4                                                7C801BB9 4 Bytes  CALL 01310001
.text    C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 71A60F5A
.text    C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[616] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 00DE0001
.text    C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!CreateProcessW                                                  7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe[624] kernel32.dll!CreateProcessA                                                  7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00F50001
.text    C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessW                                                                              7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!CreateProcessA                                                                              7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 01820001
.text    C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A60F5A
.text    C:\WINDOWS\system32\winlogon.exe[904] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 01490001
.text    C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW + C4                                                                          7C801BB9 4 Bytes  CALL 01340001
.text    C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW                                                                                7C802336 6 Bytes  JMP 71A60F5A
.text    C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA                                                                                7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 00BB0001
.text    C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!CreateProcessW                                                                        7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\iTunes\iTunesHelper.exe[1008] kernel32.dll!CreateProcessA                                                                        7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!LoadLibraryExW + C4              7C801BB9 4 Bytes  CALL 01FA0001
.text    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!CreateProcessW                    7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1100] kernel32.dll!CreateProcessA                    7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00E50001
.text    C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 01010001
.text    C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!LoadLibraryExW + C4                                                                      7C801BB9 4 Bytes  CALL 010F0001
.text    C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\bgsvcgen.exe[1280] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!LoadLibraryExW + C4                                                                7C801BB9 4 Bytes  CALL 00CF0001
.text    C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!CreateProcessW                                                                      7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Bonjour\mDNSResponder.exe[1316] kernel32.dll!CreateProcessA                                                                      7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!LoadLibraryExW + C4                                        7C801BB9 4 Bytes  CALL 052B0001
.text    C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!CreateProcessW                                              7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe[1356] kernel32.dll!CreateProcessA                                              7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 00F50001
.text    C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!CreateProcessW                                                  7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe[1364] kernel32.dll!CreateProcessA                                                  7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 02650001
.text    C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\System32\svchost.exe[1392] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00D60001
.text    C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!LoadLibraryExW + C4                                                          7C801BB9 4 Bytes  CALL 07400001
.text    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!CreateProcessW                                                                7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1488] kernel32.dll!CreateProcessA                                                                7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!LoadLibraryExW + C4                                                            7C801BB9 4 Bytes  CALL 010D0001
.text    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!CreateProcessW                                                                7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[1568] kernel32.dll!CreateProcessA                                                                7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00BB0001
.text    C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!LoadLibraryExW + C4                                                7C801BB9 4 Bytes  CALL 00B00001
.text    C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe[1704] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00DD0001
.text    C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00DC0001
.text    C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!LoadLibraryExW + C4                                                            7C801BB9 4 Bytes  CALL 0A6D0001
.text    C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!CreateProcessW                                                                  7C802336 6 Bytes  JMP 71A80F5A
.text    C:\Programme\Intel\Wireless\Bin\EvtEng.exe[1892] kernel32.dll!CreateProcessA                                                                  7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!LoadLibraryExW + C4                                                                        7C801BB9 4 Bytes  CALL 00D90001
.text    C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A80F5A
.text    C:\WINDOWS\system32\spoolsv.exe[1992] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AE0F5A
.text    C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!LoadLibraryExW + C4                                                          7C801BB9 4 Bytes  CALL 00E00001
.text    C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!CreateProcessW                                                              7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Analog Devices\Core\smax4pnp.exe[2052] kernel32.dll!CreateProcessA                                                              7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!LoadLibraryExW + C4                                                            7C801BB9 4 Bytes  CALL 01540001
.text    C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!CreateProcessW                                                                7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe[2124] kernel32.dll!CreateProcessA                                                                7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!LoadLibraryExW + C4  7C801BB9 4 Bytes  CALL 008D0001
.text    C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!CreateProcessW      7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe[2172] kernel32.dll!CreateProcessA      7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Synology Data Replicator  3\SynoDrService.exe[2220] kernel32.dll!LoadLibraryExW + C4                                            7C801BB9 4 Bytes  CALL 00980001
.text    C:\Programme\Synology Data Replicator  3\SynoDrService.exe[2220] kernel32.dll!CreateProcessW                                                  7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Synology Data Replicator  3\SynoDrService.exe[2220] kernel32.dll!CreateProcessA                                                  7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!LoadLibraryExW + C4                                                  7C801BB9 4 Bytes  CALL 00DA0001
.text    C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 71A50F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2268] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 71AD0F5A
.text    E:\Temp\47crshwe.exe[2384] kernel32.dll!LoadLibraryExW + C4                                                                                  7C801BB9 4 Bytes  CALL 00C00001
.text    E:\Temp\47crshwe.exe[2384] kernel32.dll!CreateProcessW                                                                                        7C802336 6 Bytes  JMP 71A90F5A
.text    E:\Temp\47crshwe.exe[2384] kernel32.dll!CreateProcessA                                                                                        7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!LoadLibraryExW + C4                                                7C801BB9 4 Bytes  CALL 011B0001
.text    C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!CreateProcessW                                                      7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] kernel32.dll!CreateProcessA                                                      7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!LoadLibraryExW + C4                                                                      7C801BB9 4 Bytes  CALL 00B80001
.text    C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\system32\igfxsrvc.exe[2432] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!LoadLibraryExW + C4                                                          7C801BB9 4 Bytes  CALL 013C0001
.text    C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!CreateProcessW                                                                7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe[2520] kernel32.dll!CreateProcessA                                                                7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 00980001
.text    C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!CreateProcessW                                                                      7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\iPod\bin\iPodService.exe[2604] kernel32.dll!CreateProcessA                                                                      7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!LoadLibraryExW + C4                                                    7C801BB9 4 Bytes  CALL 00C00001
.text    C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!CreateProcessW                                                          7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe[2824] kernel32.dll!CreateProcessA                                                          7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!LoadLibraryExW + C4                                                                      7C801BB9 4 Bytes  CALL 00C00001
.text    C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\system32\igfxtray.exe[2868] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 009D0001
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!CreateProcessW                                                                      7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\system32\wbem\wmiapsrv.exe[2908] kernel32.dll!CreateProcessA                                                                      7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!LoadLibraryExW + C4                                                                          7C801BB9 4 Bytes  CALL 00C00001
.text    C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!CreateProcessW                                                                              7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\system32\hkcmd.exe[2920] kernel32.dll!CreateProcessA                                                                              7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!LoadLibraryExW + C4                                                                      7C801BB9 4 Bytes  CALL 00B70001
.text    C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!CreateProcessW                                                                            7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\system32\igfxpers.exe[2956] kernel32.dll!CreateProcessA                                                                            7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!LoadLibraryExW + C4                                                                            7C801BB9 4 Bytes  CALL 00940001
.text    C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!CreateProcessW                                                                                7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!CreateProcessA                                                                                7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!LoadLibraryExW + C4                                                                  7C801BB9 4 Bytes  CALL 00A00001
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!CreateProcessW                                                                      7C802336 6 Bytes  JMP 71A90F5A
.text    C:\WINDOWS\system32\wbem\wmiprvse.exe[3060] kernel32.dll!CreateProcessA                                                                      7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!LoadLibraryExW + C4                                        7C801BB9 4 Bytes  CALL 00C60001
.text    C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!CreateProcessW                                            7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3292] kernel32.dll!CreateProcessA                                            7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!LoadLibraryExW + C4                                                    7C801BB9 4 Bytes  CALL 00CD0001
.text    C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessW                                                          7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessA                                                          7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!LoadLibraryExW + C4                                                    7C801BB9 4 Bytes  CALL 00FC0001
.text    C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessW                                                        7C802336 6 Bytes  JMP 71A70F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessA                                                        7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!LoadLibraryExW + C4                                          7C801BB9 4 Bytes  CALL 00DC0001
.text    C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessW                                                7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessA                                                7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!LoadLibraryExW + C4                                    7C801BB9 4 Bytes  CALL 00B30001
.text    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessW                                        7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessA                                        7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!LoadLibraryExW + C4                                                  7C801BB9 4 Bytes  CALL 00D40001
.text    C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessW                                                        7C802336 6 Bytes  JMP 71A70F5A
.text    C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessA                                                        7C80236B 6 Bytes  JMP 71AF0F5A
.text    C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 00B60001
.text    C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessW                                      7C802336 6 Bytes  JMP 71A90F5A
.text    C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessA                                      7C80236B 6 Bytes  JMP 71AF0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                            [B9EAC046] spec.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                    [B9EAC142] spec.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                          [B9EAC0C4] spec.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                  [B9EAC7CE] spec.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                          [B9EAC6A4] spec.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                            [B9EB7D7A] spec.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT      C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                                      [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT      C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                                            [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT      C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                                          [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT      C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                                                [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT      C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                      [011C2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT      C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]            [011C2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT      C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                          [011C2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT      C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                [011C2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                                        8A6831F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                                              89B5B1F8
Device    \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                    8A6161F8
Device    \Driver\dmio \Device\DmControl\DmConfig                                                                                                      8A6161F8
Device    \Driver\dmio \Device\DmControl\DmPnP                                                                                                          8A6161F8
Device    \Driver\dmio \Device\DmControl\DmInfo                                                                                                        8A6161F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                                              89B5B1F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                                              89B5B1F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                                              89B5B1F8
Device    \Driver\usbehci \Device\USBPDO-4                                                                                                              89B2E1F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{D96C6CDB-062D-46B2-B66F-FA4B9ECC5E51}                                                                      897BC500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                        8A6861F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                        8A6861F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                                                  89B071F8
Device    \Driver\iastor \Device\Ide\iaStor0                                                                                                            [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                  [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                                            [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\iastor \Device\Ide\IAAStorageDevice-0                                                                                                [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                      897BC500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                                              897BC500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                                              89B5B1F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                                              89B5B1F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                            8983B500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                                              89B5B1F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                  8983B500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                                              89B5B1F8
Device    \Driver\usbehci \Device\USBFDO-4                                                                                                              89B2E1F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                                              8A6861F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{CEAE2D63-0D6E-426B-A352-BE5CF7D88C2A}                                                                      897BC500
Device    \FileSystem\Cdfs \Cdfs                                                                                                                        89A58500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                            771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                            285507792
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                            0xC8 0x28 0x51 0xAF ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                            0x71 0x3B 0x04 0x66 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                            0x25 0xDA 0xEC 0x7E ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                            0x86 0x8C 0x21 0x01 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                            0xCD 0x44 0xCD 0xB9 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                            0xDF 0x20 0x58 0x62 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                            0x31 0x77 0xE1 0xBA ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                            0x83 0x6C 0x56 0x8B ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                            0x51 0xFA 0x6E 0x91 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                            0xB1 0xCD 0x45 0x5A ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                            0xE3 0x0E 0x66 0xD5 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                           
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                              Apartment
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                            C:\WINDOWS\system32\OLE32.DLL
Reg      HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                            0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File      C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[1].txt    40 bytes
File      C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[2].txt    40 bytes

---- EOF - GMER 1.0.15 ----

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 10.02.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Synology Data Replicator 3-NB-001-tmondelli.job" - ? - C:\Programme\Synology Data Replicator  3\Backup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys  (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsla4b0dc35" (MpKsla4b0dc35) - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x86\Sandra.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Spybot-S&D 2 Hook Driver" (SDHookDriver) - ? - C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys  (File found, but it contains no detailed information)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys  (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} "StumbleUpon" - "StumbleUpon Inc." - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Spybot-S&D Cleaning" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - C:\WINDOWS\System32\BCMLogon.dll
"IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9cc19a2b7bc2e)" (gupdate1c9cc19a2b7bc2e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"INTERMEDIATE enomic Intern Server" (crmsrv) - ? - "C:\Programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"  (File not found)
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Spybot S&D 2 Live Protection Service" (SDHookService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe  (File found, but it contains no detailed information)
"SynoDrService" (SynoDrService) - ? - C:\Programme\Synology Data Replicator  3\SynoDrService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:
Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 21:19:13
-----------------------------
21:19:13.734    OS Version: Windows 5.1.2600 Service Pack 3
21:19:13.734    Number of processors: 2 586 0xF06
21:19:13.734    ComputerName: NB-001  UserName:
21:19:14.109    Initialize success
21:19:18.484    AVAST engine defs: 12021000
21:19:22.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:19:22.312    Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3
21:19:22.468    Disk 0 MBR read successfully
21:19:22.468    Disk 0 MBR scan
21:19:22.500    Disk 0 Windows XP default MBR code
21:19:22.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        50011 MB offset 63
21:19:22.546    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        64459 MB offset 102422880
21:19:22.640    Disk 0 scanning sectors +234435600
21:19:22.859    Disk 0 scanning C:\WINDOWS\system32\drivers
21:19:57.281    Service scanning
21:19:57.609    Service MpKsla4b0dc35 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys **LOCKED** 32
21:19:57.656    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:19:58.187    Modules scanning
21:21:06.265    Disk 0 trace - called modules:
21:21:06.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwf.sys >>UNKNOWN [0x8a636944]<<
21:21:06.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5889c0]
21:21:06.328    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a58aa28]
21:21:06.328    5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a589030]
21:21:06.703    AVAST engine scan C:\WINDOWS
21:21:38.187    AVAST engine scan C:\WINDOWS\system32
21:33:45.000    AVAST engine scan C:\WINDOWS\system32\drivers
21:34:46.140    AVAST engine scan C:\Dokumente und Einstellungen\tmondelli.NB-001
21:42:33.421    AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:44:12.218    Scan finished successfully
21:51:55.406    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\MBR.dat"
21:51:55.421    The log file has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\aswMBR.txt"

Looking forward to your assessment.

Regards, Thomas

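The autorun listing quoted above is the kind of output a responder reads entry by entry. As an added example (not part of the thread and not code from the tool that produced the listing), the script below parses lines in that format and flags what is worth a second look: a referenced binary that no longer exists (an orphaned autostart), no publisher or version information, a path inside a user-writable profile directory, and a module named without a full path. The profile-directory markers and the sample lines (copied from the listing in this thread) are assumptions about a German Windows XP layout.

```python
"""Triage of OSAM-style autorun listings (added example, not part of the thread).

Each entry line in the listing posted above has the shape
    [{CLSID} | <binary data>] "Name" [(ServiceKey)] - "Publisher"|? - Path [args]  (note)
The parser below splits such lines into fields and flags what a responder
checks first: a binary that no longer exists (orphaned autostart), no
publisher/version information, a path inside a user-writable profile
directory, and a DLL named without a full path (resolved via the search order).
"""
import re
from typing import Dict, List, Tuple

# Entry header: optional CLSID or <binary data>, quoted name (the name may contain
# quotes itself, e.g. "Dienst "Bonjour""), optional (ServiceKey), publisher, rest.
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+|<binary data>\s+)?'
    r'"(?P<name>.*?)"\s+(?:\((?P<svc>[^)]*)\)\s+)?-\s+'
    r'(?P<pub>"[^"]*"|\?)\s+-\s+(?P<rest>.*)$'
)
# Image path: either quoted, or unquoted up to the first PE-style extension.
PATH_RE = re.compile(r'^(?:"(?P<q>[^"]*)"|(?P<u>.*?\.(?:exe|dll|sys|cab)))', re.I)

# Assumption: profile roots of a German and an English Windows XP; adjust for
# other locales or for Vista and later (\Users\).
USER_PROFILE_MARKERS = ("\\dokumente und einstellungen\\", "\\documents and settings\\")


def parse_entry(line: str) -> Dict[str, str]:
    """Split one entry line into name/service/publisher/path/note; ValueError if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an entry line: {line!r}")
    rest = m.group("rest")
    note = ""
    cut = rest.rfind("  (")                      # scanner note is appended after two spaces
    if cut != -1 and rest.endswith(")"):
        note, rest = rest[cut + 3:-1], rest[:cut]
    pm = PATH_RE.match(rest)
    if pm:
        path = pm.group("q") if pm.group("q") is not None else pm.group("u")
    else:
        path = rest
    pub = m.group("pub")
    return {
        "name": m.group("name"),
        "service": m.group("svc") or "",
        "publisher": "" if pub == "?" else pub.strip('"'),
        "path": path,
        "note": note,
    }


def triage(entry: Dict[str, str]) -> List[str]:
    """Reasons a responder should look at this entry; an empty list means nothing stands out."""
    reasons: List[str] = []
    path_l = entry["path"].lower()
    if "File not found" in entry["note"]:
        reasons.append("binary missing: orphaned autostart, remove the entry")
    if not entry["publisher"]:
        reasons.append("no publisher/version info: check hash and signature")
    if "no detailed information" in entry["note"]:
        reasons.append("binary carries no version resource")
    if any(marker in path_l for marker in USER_PROFILE_MARKERS):
        reasons.append("runs from a user-writable profile directory")
    if not re.match(r"^[a-z]:\\", path_l) and not path_l.startswith("\\\\"):
        reasons.append("unqualified path: resolved through the search order")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for every flagged entry in a log fragment, in log order."""
    flagged: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or line.startswith("-----("):
            continue                              # section and registry-key banners
        try:
            entry = parse_entry(line)
        except ValueError:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


# Constructed sample: lines copied from the listing in this thread.
SAMPLE_LOG = r'''
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf  (File not found)
"StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe  (File found, but it contains no detailed information)
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
'''

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG):
        print(f"{name}: " + "; ".join(reasons))
```

Run against the sample, the signed vendor entries pass silently, the two dead service registrations and the `mvfs32.dll` IOProcs entry come back as orphaned, and the StumbleUpon updater is singled out for running unsigned out of the user's profile, which is the order in which one would clean them up.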
cosinus 12.02.2012 13:13

Looks OK. To double-check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

struppyx 13.02.2012 22:52

Hello Arne,

here are the logs of the two full scans.

Malwarebytes ran through without complaint:
Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tmondelli :: NB-001 [Administrator]

Protection: Disabled

13.02.2012 10:49:19
mbam-log-2012-02-13 (10-49-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 524890
Time elapsed: 4 hour(s), 17 minute(s), 6 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end)


struppyx 13.02.2012 22:58

SASW did find something after all.
A pile of adware cookies (I'll post those separately, since they don't all fit in one thread).

A C1541.exe (that one comes from a Commodore 64 emulator). I googled it; it shouldn't pose any danger.
The other one seems to be one last remnant of the annoying Softonic. :kloppen:
The loader.exe from pixcreations, however, I have no idea what that is about.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/13/2012 at 10:49 PM

Application Version : 5.0.1144

Core Rules Database Version : 8230
Trace Rules Database Version: 6042

Scan type      : Complete Scan
Total Scan Time : 06:55:19

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 574
Memory threats detected  : 0
Registry items scanned    : 35366
Registry threats detected : 0
File items scanned        : 240749
File threats detected    : 900



PotentiallyUnwanted.Softonic
        E:\SYSTEM VOLUME INFORMATION\_RESTORE{B7588483-C639-40AA-9F38-7BBD7F79D534}\RP955\A0182228.EXE

Trojan.Agent/Gen-SoftonicDownloader
        E:\SYSTEM VOLUME INFORMATION\_RESTORE{B7588483-C639-40AA-9F38-7BBD7F79D534}\RP955\A0182231.EXE

Trojan.Agent/Gen-Kazy
        E:\TOMMYTHEK\SPIELE\C643\C1541.EXE
        T:\SPIELE\C643\C1541.EXE

Trojan.Unclassified/Loader-Suspicious
        C:\PROGRAMME\PIXCREATIONS\APACHE3\LOADER.EXE

Should I delete the found objects with SASW?

Regards, Thomas

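Where a scanner hit lives on disk says a lot about how urgent it is, and the SASW log above shows the three typical cases side by side. As an added example (not part of the thread and not SUPERAntiSpyware's own code), the script below parses that log's detection section and sorts each path into one of three buckets: a copy inside `System Volume Information\_RESTORE{...}\RPnnn` is a System Restore snapshot that only comes back if that restore point is applied, a file under the program or Windows directories is live, and anything else is user data or a secondary volume that still deserves a hash lookup. The directory roots are assumptions about a German Windows XP layout; the sample is copied from the log in this thread.

```python
"""Location-based triage of SUPERAntiSpyware detections (added example, not from the thread).

The scan log above lists a detection name on its own line followed by the
indented paths it matched. A hit inside System Volume Information\_RESTORE{...}\RPnnn
is a System Restore snapshot (inactive unless that restore point is applied),
a file under the program or Windows directories is live, and anything else is
user data or a secondary volume that still needs a hash lookup.
"""
import re
from typing import Dict, List, Tuple

RESTORE_POINT_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\", re.I
)
# Assumption: German XP program directory plus the English equivalents.
LIVE_ROOTS = ("c:\\programme\\", "c:\\program files\\", "c:\\windows\\")


def classify(path: str) -> str:
    """Bucket a detected path by where it lives on disk."""
    low = path.lower()
    if RESTORE_POINT_RE.match(low):
        return "restore-point copy"
    if low.startswith(LIVE_ROOTS):
        return "live program or system file"
    return "user data or other volume"


def parse_detections(text: str) -> List[Tuple[str, str]]:
    """Return (detection name, path) pairs; unindented lines without paths under them are ignored."""
    pairs: List[Tuple[str, str]] = []
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():                      # indented line: a path under the current detection
            if current is not None:
                pairs.append((current, raw.strip()))
        else:
            current = raw.strip()                 # unindented line: a detection name (or a header)
    return pairs


def triage_sasw(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group detections by location class, most urgent class first."""
    buckets: Dict[str, List[Tuple[str, str]]] = {
        "live program or system file": [],
        "user data or other volume": [],
        "restore-point copy": [],
    }
    for name, path in parse_detections(text):
        buckets[classify(path)].append((name, path))
    return buckets


# Constructed sample: the detection section of the log posted in this thread.
SAMPLE_SASW = r"""
File items scanned        : 240749
File threats detected    : 900

PotentiallyUnwanted.Softonic
        E:\SYSTEM VOLUME INFORMATION\_RESTORE{B7588483-C639-40AA-9F38-7BBD7F79D534}\RP955\A0182228.EXE

Trojan.Agent/Gen-SoftonicDownloader
        E:\SYSTEM VOLUME INFORMATION\_RESTORE{B7588483-C639-40AA-9F38-7BBD7F79D534}\RP955\A0182231.EXE

Trojan.Agent/Gen-Kazy
        E:\TOMMYTHEK\SPIELE\C643\C1541.EXE
        T:\SPIELE\C643\C1541.EXE

Trojan.Unclassified/Loader-Suspicious
        C:\PROGRAMME\PIXCREATIONS\APACHE3\LOADER.EXE
"""

if __name__ == "__main__":
    for bucket, hits in triage_sasw(SAMPLE_SASW).items():
        print(f"{bucket}: {len(hits)}")
        for name, path in hits:
            print(f"  {name} -> {path}")
```

On this log the two Softonic hits land in the restore-point bucket, the loader.exe is the only live hit, and the two C1541.EXE copies are user data on secondary volumes; for the latter two the next step is a hash lookup rather than blind deletion, which matches the way the thread handles them.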
struppyx 13.02.2012 23:04

Do you also need the Adware.Tracking cookies?
There are almost 900 and they don't fit in one thread.

Regards, Thomas

cosinus 13.02.2012 23:19

The cookies are not relevant.
But what is this:

Trojan.Agent/Gen-Kazy
E:\TOMMYTHEK\SPIELE\C643\C1541.EXE
T:\SPIELE\C643\C1541.EXE

struppyx 13.02.2012 23:26

C1541.exe belongs to an emulator that lets you play old Commodore 64 games on a PC. According to my Google research the file should be harmless, but I can also delete it as a precaution.

Regards, Thomas

cosinus 13.02.2012 23:34

Nah, leave it. SASW is also very prone to false alarms.
Is the computer back in order so far, or are there still open problems? Are you aware of what cookies are?

struppyx 13.02.2012 23:48

The computer has been running for days without anything unusual.
:dankeschoen:

Regarding the cookies, I was surprised myself how much accumulates over time. I'll clean up and delete them with SUPERAntiSpyware. I'd also remove the Softonic downloader from my system for good.

Now that we've used quite a few tools, I'd be interested to know which of the scanners is best suited to checking my computer regularly. Do you have a tip for me?

Otherwise I'd uninstall the other tools again.

Regards, Thomas

cosinus 13.02.2012 23:50

Then we're done! :abklatsch:

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide is below. To keep a better overview of how current the installed programs are in future, you can use Secunia PSI, for example.
For extra security you should also change all passwords, as far as possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add/Remove Programs or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

struppyx 13.02.2012 23:56

Dear Arne,

once again many, many thanks for your great and above all competent support. I admit, at the start I was close to giving up, but thanks to your help we got the patient off the drip after all.
:party:


Good night
Thomas


Copyright ©2000-2025, Trojaner-Board
