Trojaner-Board (https://www.trojaner-board.de/)
- Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
- Error loading C:\...\dcopegy.dll (https://www.trojaner-board.de/97125-fehler-beim-laden-c-dcopegy-dll.html)

g3k0 04.04.2011 15:24

Error loading C:\...\dcopegy.dll
 
Hello everyone,

Up to now my system has always run smoothly, but recently I ran AntiVir and Spybot again, and both programs found several Trojans. I moved them to quarantine or deleted them. The system was then restarted, and that is when the problem appeared, which still persists now. Namely, when I start the computer, log in and wait until I can use it, an error message with the heading "RUNDLL" appears. The text of the error message says: "Fehler beim Laden von C:\WINXP\dcopegy.dll - Das angegebene Modul wurde nicht gefunden." (Error loading C:\WINXP\dcopegy.dll - The specified module could not be found.)
After clicking OK, I ran both of the programs mentioned above twice more, after which no more viruses/Trojans or errors were found. After another restart the error message still appeared. This was probably a week ago by now, since I was away from home in between. But the problem still persists.
I hope someone can help me.
Thanks in advance!

Below are the log files I just created.

Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6266

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04.04.2011 15:21:17
mbam-log-2011-04-04 (15-21-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169531
Laufzeit: 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\spy.qwas (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\spy.qwas\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\***\anwendungsdaten\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.


OTL:
Code:

OTL Extras logfile created on: 04.04.2011 15:36:24 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 61,57 Gb Free Space | 55,08% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.scr [@ = scrfile] -- "%1" /S
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Dokumente und Einstellungen\Pascal\Desktop\CS CZ\Condition Zero\czero.exe" = C:\Dokumente und Einstellungen\Pascal\Desktop\CS CZ\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Programme\TmUnitedForever\TmForever.exe" = C:\Programme\TmUnitedForever\TmForever.exe:*:Enabled:TmForever
"C:\WINXP\system32\javaw.exe" = C:\WINXP\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\SRWare Iron\iron.exe" = C:\Programme\SRWare Iron\iron.exe:*:Enabled:SRWare Iron
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\WINXP\system32\mmc.exe" = C:\WINXP\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\Valve\Steam\SteamApps\g3k0677\condition zero deleted scenes\hl.exe" = C:\Programme\Valve\Steam\SteamApps\g3k0677\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Valve\Steam\SteamApps\g3k0677\condition zero\hl.exe" = C:\Programme\Valve\Steam\SteamApps\g3k0677\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\EA Sports\FIFA 11 Demo\Game\fifa.exe" = C:\Programme\EA Sports\FIFA 11 Demo\Game\fifa.exe:*:Enabled:FIFA 11
"C:\Programme\Valve\Steam\SteamApps\g3k0677\counter-strike\hl.exe" = C:\Programme\Valve\Steam\SteamApps\g3k0677\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE6ED5AE-4F78-4B50-ADA5-A8F24DBDC673}" = Cisco AnyConnect VPN Client
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D879E023-A47A-487A-AE00-30728F9612CB}" = Altova UModel® 2009 sp1 Enterprise Edition
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E97B5B50-9843-11D4-9FB6-00105ADD64DB}" = EasyCODE-EasyCASE JAVA Standard 6.8
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1168575-4145-441A-AFF9-24E1E5C51031}" = Nero 7 Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"5BD344B056B3C55F64C360DB77A427268720A03F" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (11/07/2006 6.1003.206.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AFD653D92C0CA9E8F375124D6A0B19FFBA89B1D2" = Windows Driver Package - Razer (Razerlow) HIDClass  (03/07/2007 1.0.0.2)
"Analogy" = Analogy Screen Saver
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ArgoUML" = ArgoUML 0.28
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"BundesDeutscheGesetze" = BundesDeutscheGesetze
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"eestruct_is1" = eestruct
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FairUse Wizard 2" = FairUse Wizard 2
"FotoSketcher_is1" = FotoSketcher - Version 1.9
"Free Studio_is1" = Free Studio version 4.2
"Funktion" = Funktion
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mario Forever v 2.16 !" = Mario Forever v 2.16 !
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"MiKTeX 2.7" = MiKTeX 2.7
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PolarClock3" = PolarClock3 Screen Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2011 09:09:44 | Computer Name = PASCALSPC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:44.343]: [00003168]: lperrcode->api
 = 3 , lperrcode->code = 31 
 
Error - 03.04.2011 09:09:44 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/04/03 15:09:44.515]: [00000564]: CUsbScnDev: DeviceIoControl
 Illegal response 
 
Error - 03.04.2011 09:09:45 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:45.843]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
Error - 03.04.2011 09:09:47 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:47.343]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
Error - 03.04.2011 09:09:48 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:48.859]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
Error - 03.04.2011 09:09:50 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:50.359]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
Error - 03.04.2011 09:09:51 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:51.859]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
Error - 03.04.2011 09:09:53 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:53.359]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
Error - 03.04.2011 09:09:54 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:54.859]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
Error - 03.04.2011 09:09:56 | Computer Name = *** | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2011/04/03 15:09:56.359]: [00003168]: lperrcode->api
 = 1 , lperrcode->code = 2 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 645 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5613 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
 Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 04.04.2011 06:19:00 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
[ System Events ]
Error - 04.04.2011 06:44:09 | Computer Name = *** | Source = ipnathlp | ID = 31012
Description = Es ist ein Fehler bei der Übertragung der lokalen Liste der  Namensauflösungsserver
 zum DNS-Proxy-Agenten aufgetreten.  Einige DNS- oder WINS-Server sind für Clients
 des lokalen Netzwerks nicht erreichbar.  Die Daten enthalten den Fehlercode.
 
Error - 04.04.2011 06:44:09 | Computer Name = *** | Source = ipnathlp | ID = 31012
Description = Es ist ein Fehler bei der Übertragung der lokalen Liste der  Namensauflösungsserver
 zum DNS-Proxy-Agenten aufgetreten.  Einige DNS- oder WINS-Server sind für Clients
 des lokalen Netzwerks nicht erreichbar.  Die Daten enthalten den Fehlercode.
 
Error - 04.04.2011 06:44:15 | Computer Name = *** | Source = ipnathlp | ID = 31012
Description = Es ist ein Fehler bei der Übertragung der lokalen Liste der  Namensauflösungsserver
 zum DNS-Proxy-Agenten aufgetreten.  Einige DNS- oder WINS-Server sind für Clients
 des lokalen Netzwerks nicht erreichbar.  Die Daten enthalten den Fehlercode.
 
Error - 04.04.2011 06:44:22 | Computer Name = *** | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.100 deaktiviert,
 da  die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,  von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern  Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird,  oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses  Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 04.04.2011 08:25:26 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 04.04.2011 08:25:26 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 04.04.2011 08:25:35 | Computer Name = *** | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.100 deaktiviert,
 da  die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,  von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern  Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird,  oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses  Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 04.04.2011 09:30:35 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 04.04.2011 09:30:35 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 04.04.2011 09:30:38 | Computer Name = *** | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.100 deaktiviert,
 da  die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt,  von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern  Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird,  oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses  Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
 
< End of report >

and:
Code:

OTL logfile created on: 04.04.2011 15:36:24 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 61,57 Gb Free Space | 55,08% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINXP\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\WINXP\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINXP\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\WINXP\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Programme\Razer\Diamondback 3G\razertra.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINXP\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (KeenfinderSrch Service) --  File not found
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DVD-RAM_Service) -- C:\WINXP\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
SRV - (AntiVirScheduler) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vpnva) -- C:\WINXP\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (hamachi) -- C:\WINXP\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys ()
DRV - (tap0901) -- C:\WINXP\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (avipbb) -- C:\WINXP\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (PnkBstrK) -- C:\WINXP\system32\drivers\PnkBstrK.sys ()
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Programme\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (meiudf) -- C:\WINXP\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (sptd) -- C:\WINXP\System32\Drivers\sptd.sys ()
DRV - (nm) -- C:\WINXP\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINXP\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (STHDA) -- C:\WINXP\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (LHidUsbK) -- C:\WINXP\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINXP\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINXP\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINXP\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINXP\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINXP\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (vserial) -- C:\WINXP\system32\drivers\vserial.sys ()
DRV - (actser) -- C:\WINXP\system32\drivers\actser.sys (Siemens AG)
DRV - (vsbus) -- C:\WINXP\system32\drivers\vsb.sys ()
DRV - (Razerlow) -- C:\WINXP\system32\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (cdrbsdrv) -- C:\WINXP\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (SNC) -- C:\WINXP\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (DMICall) -- C:\WINXP\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://shop.thefreevpn.com/home.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2009.07.07 21:51:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1} [2011.02.28 23:08:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.23 02:00:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.25 16:06:27 | 000,000,000 | ---D | M]
 
[2008.12.10 00:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.03.30 00:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\usxna8c1.default\extensions
[2011.03.22 19:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.01 00:32:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\USXNA8C1.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\USXNA8C1.DEFAULT\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\USXNA8C1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\USXNA8C1.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011.02.28 23:08:34 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}
[2010.03.12 14:34:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.03.23 01:59:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.23 01:59:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.23 01:59:57 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.03.23 01:59:57 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.23 01:59:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.23 01:59:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.23 01:59:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [(De)Coder Cleaner]  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Diamondback] C:\Programme\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer]  File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINXP\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Programme\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINXP\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Javajdk.exe]  File not found
O4 - HKCU..\Run: [Steam] c:\programme\valve\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Tjiwomukimup]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RAMASST.lnk = C:\WINXP\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINXP\sysid\sys.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINXP\sysid\sys.exe
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINXP\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.08 20:45:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{8cd2da96-f17b-11de-a911-0019d2137451}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{970b91a8-f1cf-11dd-a79e-0019d2137451}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.04 15:34:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.04.04 15:31:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\CyberLink PowerDVD 9
[2011.04.04 15:13:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011.04.04 15:13:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys
[2011.04.04 15:13:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.04 15:13:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.04 15:12:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2011.04.04 15:12:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.04 15:12:00 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2011.04.02 01:25:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AnwaltVerlag
[2011.04.02 01:22:37 | 000,000,000 | ---D | C] -- C:\Programme\Deutscher Anwaltverlag
[2011.04.02 01:21:43 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\WINXP\IsUn0407.exe
[2011.03.15 14:08:44 | 000,000,000 | ---D | C] -- C:\Programme\Walaber's Trampoline
[2011.03.14 17:16:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeReturner
[2011.03.14 17:16:09 | 000,000,000 | ---D | C] -- C:\Programme\Safe Returner
[2011.03.06 13:31:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\KwithOthers
[3 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.04 15:34:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2011.04.04 15:31:17 | 000,051,048 | ---- | M] () -- C:\WINXP\System32\nvapps.xml
[2011.04.04 15:30:44 | 000,001,044 | ---- | M] () -- C:\WINXP\tasks\Google Software Updater.job
[2011.04.04 15:30:29 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2011.04.04 15:30:25 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.04 15:13:05 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.04 15:12:32 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2011.04.04 12:18:55 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2011.04.02 01:25:05 | 000,001,837 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BundesDeutscheGesetze.lnk
[2011.03.30 23:44:54 | 007,574,768 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\THE_9-11_COMMISSION_REPORT.pdf
[2011.03.30 22:45:00 | 000,245,716 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\johannes.pdf
[2011.03.30 09:02:27 | 000,452,548 | ---- | M] () -- C:\WINXP\System32\perfh007.dat
[2011.03.30 09:02:27 | 000,435,594 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2011.03.30 09:02:27 | 000,081,522 | ---- | M] () -- C:\WINXP\System32\perfc007.dat
[2011.03.30 09:02:27 | 000,068,490 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2011.03.28 17:46:47 | 000,688,449 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\StudienbescheinigungSS2011(2).jpg
[2011.03.25 16:06:27 | 000,001,705 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.03.19 23:20:58 | 000,126,132 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\anstiftung ohne haupttat.pdf
[2011.03.15 01:41:10 | 005,641,216 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Domination_install_1.1.0.1.exe
[2011.03.09 18:33:31 | 000,088,021 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\pechloes.pdf
[2011.03.09 15:13:34 | 000,127,332 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\abwehrprovokation (notwehrhandlung).pdf
[2011.03.09 10:34:18 | 000,088,021 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\zu_Anstiftung der Körperverletzung etc.pdf
[2011.03.08 01:29:26 | 008,419,967 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\dissertationSLO.pdf
[2011.03.07 11:50:35 | 001,000,007 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\AufbauschemataStrafR-2004.pdf
[3 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.04 15:13:04 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.02 01:25:05 | 000,001,837 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BundesDeutscheGesetze.lnk
[2011.03.30 23:44:54 | 007,574,768 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\THE_9-11_COMMISSION_REPORT.pdf
[2011.03.30 22:45:00 | 000,245,716 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\johannes.pdf
[2011.03.28 17:45:31 | 000,688,449 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\StudienbescheinigungSS2011(2).jpg
[2011.03.19 23:20:58 | 000,126,132 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\anstiftung ohne haupttat.pdf
[2011.03.15 01:40:42 | 005,641,216 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Domination_install_1.1.0.1.exe
[2011.03.09 18:33:31 | 000,088,021 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\pechloes.pdf
[2011.03.09 15:13:34 | 000,127,332 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\abwehrprovokation (notwehrhandlung).pdf
[2011.03.09 10:34:18 | 000,088,021 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\zu_Anstiftung der Körperverletzung etc.pdf
[2011.03.08 01:29:26 | 008,419,967 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\dissertationSLO.pdf
[2011.03.07 11:50:35 | 001,000,007 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\AufbauschemataStrafR-2004.pdf
[2011.03.04 14:32:12 | 000,000,084 | ---- | C] () -- C:\WINXP\wininit.ini
[2011.02.28 23:08:36 | 000,000,120 | ---- | C] () -- C:\WINXP\Iheyujikap.dat
[2011.02.28 23:08:36 | 000,000,000 | ---- | C] () -- C:\WINXP\Ewewevopebasus.bin
[2011.02.17 17:36:36 | 000,000,082 | ---- | C] () -- C:\WINXP\mafosav.INI
[2011.01.06 16:59:40 | 000,000,484 | ---- | C] () -- C:\WINXP\eReg.dat
[2011.01.06 13:35:54 | 000,069,632 | R--- | C] () -- C:\WINXP\System32\xmltok.dll
[2011.01.06 13:35:54 | 000,036,864 | R--- | C] () -- C:\WINXP\System32\xmlparse.dll
[2010.10.28 01:30:53 | 000,000,425 | ---- | C] () -- C:\WINXP\BRWMARK.INI
[2010.10.28 01:28:16 | 000,000,050 | ---- | C] () -- C:\WINXP\System32\bridf08b.dat
[2010.10.28 01:24:35 | 000,031,864 | ---- | C] () -- C:\WINXP\maxlink.ini
[2010.06.11 14:11:34 | 000,482,408 | ---- | C] () -- C:\WINXP\ssndii.exe
[2010.06.11 14:09:37 | 000,022,723 | ---- | C] () -- C:\WINXP\System32\cl31cl3.dll
[2010.02.12 16:51:00 | 000,033,948 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SQLite3.dll
[2010.01.09 04:14:31 | 000,152,256 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.10.11 23:54:36 | 000,069,632 | ---- | C] () -- C:\WINXP\System32\GkSui18.EXE
[2009.10.11 23:54:36 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\gksl_ger.dll
[2009.06.29 00:06:15 | 000,008,263 | ---- | C] () -- C:\WINXP\Easy-java.ini
[2009.04.17 23:55:25 | 000,061,236 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2008.12.22 23:50:51 | 000,138,184 | ---- | C] () -- C:\WINXP\System32\drivers\PnkBstrK.sys
[2008.12.22 23:50:42 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PnkBstrK.sys
[2008.12.22 23:50:19 | 000,183,112 | ---- | C] () -- C:\WINXP\System32\PnkBstrB.exe
[2008.12.22 23:50:17 | 002,337,865 | ---- | C] () -- C:\WINXP\System32\pbsvc.exe
[2008.12.22 23:50:17 | 000,066,872 | ---- | C] () -- C:\WINXP\System32\PnkBstrA.exe
[2008.12.10 16:20:09 | 000,000,069 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2008.12.10 14:50:22 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat
[2008.12.10 14:28:49 | 000,000,394 | ---- | C] () -- C:\WINXP\ODBC.INI
[2008.12.10 14:12:07 | 000,095,232 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.10 01:45:53 | 000,156,672 | ---- | C] () -- C:\WINXP\System32\RtlCPAPI.dll
[2008.12.10 01:45:53 | 000,040,960 | ---- | C] () -- C:\WINXP\System32\ChCfg.exe
[2008.12.10 00:41:56 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat
[2008.12.08 20:56:34 | 000,001,324 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2008.12.08 20:50:49 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2008.12.08 20:42:08 | 000,021,740 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2008.12.08 20:24:06 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2008.12.08 20:22:30 | 001,576,976 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\WINXP\System32\DivXWMPExtType.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat
[2008.04.14 13:00:00 | 000,452,548 | ---- | C] () -- C:\WINXP\System32\perfh007.dat
[2008.04.14 13:00:00 | 000,435,594 | ---- | C] () -- C:\WINXP\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINXP\System32\perfi007.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat
[2008.04.14 13:00:00 | 000,081,522 | ---- | C] () -- C:\WINXP\System32\perfc007.dat
[2008.04.14 13:00:00 | 000,068,490 | ---- | C] () -- C:\WINXP\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin
[2008.04.14 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINXP\System32\perfd007.dat
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat
[2006.04.25 08:58:00 | 001,662,976 | ---- | C] () -- C:\WINXP\System32\nvwdmcpl.dll
[2006.04.25 08:58:00 | 001,519,616 | ---- | C] () -- C:\WINXP\System32\nwiz.exe
[2006.04.25 08:58:00 | 001,466,368 | ---- | C] () -- C:\WINXP\System32\nview.dll
[2006.04.25 08:58:00 | 001,339,392 | ---- | C] () -- C:\WINXP\System32\nvdspsch.exe
[2006.04.25 08:58:00 | 001,019,904 | ---- | C] () -- C:\WINXP\System32\nvwimg.dll
[2006.04.25 08:58:00 | 000,466,944 | ---- | C] () -- C:\WINXP\System32\nvshell.dll
[2006.04.25 08:58:00 | 000,442,368 | ---- | C] () -- C:\WINXP\System32\nvappbar.exe
[2006.04.25 08:58:00 | 000,425,984 | ---- | C] () -- C:\WINXP\System32\keystone.exe
[2006.04.25 08:58:00 | 000,098,304 | ---- | C] () -- C:\WINXP\System32\nvapi.dll
[2005.09.12 16:40:08 | 000,047,744 | ---- | C] () -- C:\WINXP\System32\drivers\vserial.sys
[2005.09.12 16:40:08 | 000,015,264 | ---- | C] () -- C:\WINXP\System32\drivers\vsb.sys
[2005.09.02 12:14:08 | 000,110,592 | ---- | C] () -- C:\WINXP\System32\TosBtAcc.dll
[2005.07.22 19:00:20 | 000,065,536 | ---- | C] () -- C:\WINXP\System32\TosCommAPI.dll
[2004.07.20 14:34:02 | 000,094,208 | ---- | C] () -- C:\WINXP\System32\TosBtHcrpAPI.dll
[2004.01.15 12:13:28 | 000,114,688 | ---- | C] () -- C:\WINXP\System32\TBTMonUI.dll
 
========== LOP Check ==========
 
[2009.07.06 00:32:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Altova
[2010.11.12 01:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2011.01.22 16:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase6
[2010.01.04 12:59:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Power Soft
[2011.03.14 17:19:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeReturner
[2010.10.28 01:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009.04.25 01:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2009.11.27 01:22:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt
[2008.12.22 23:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.09.17 01:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.29 17:45:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Audacity
[2008.12.10 14:15:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools
[2009.04.07 22:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2010.05.12 06:22:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2009.04.27 17:06:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2009.01.24 17:25:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OLYMPUS
[2010.03.12 14:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.06.27 01:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PapDesigner
[2011.01.22 16:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Phase6
[2010.09.09 15:59:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WordToPDF
[2009.04.16 01:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\XCPCSync.OEM
 
========== Purity Check ==========
 
 

< End of report >

Regards, g3k0

cosinus 04.04.2011 20:39

Quote:

Art des Suchlaufs: Quick-Scan
Hello,

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from earlier Malwarebytes scans, please post all of those as well!

g3k0 04.04.2011 22:10

First of all, thank you very much for the reply and the help!

There is no log from before today; I had never run a scan with Malwarebytes before, since Spybot in combination with AntiVir had always served me well.

Here is the log of the full scan with Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6269

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04.04.2011 23:10:29
mbam-log-2011-04-04 (23-10-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 314768
Laufzeit: 1 Stunde(n), 9 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{a7002f22-9d33-492f-b1fd-41ddb251f4bc}\RP615\A0077975.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.


cosinus 05.04.2011 10:41

Do an OTL fix: close all programs that may still be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.08 20:45:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{8cd2da96-f17b-11de-a911-0019d2137451}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{970b91a8-f1cf-11dd-a79e-0019d2137451}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O4 - HKCU..\Run: [Javajdk.exe]  File not found
O4 - HKCU..\Run: [Tjiwomukimup]  File not found
O4 - HKLM..\Run: [(De)Coder Cleaner]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix has run; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
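As an added example (not code from OTL or from this thread): a small Python triage script that classifies the O4, O33 and O32 lines of the fix script above the way the helper did, so it is visible why each entry was selected. The sample input reuses the lines from the fix script; the benign "avgnt" O4 line is constructed for contrast.

```python
"""Triage of OTL autostart lines (added example; not OTL's own code).

The OTL fix script above removes three kinds of entries: O4 Run values
whose target is gone ("File not found", the usual cause of a RUNDLL
"module not found" message at logon after an AV deleted the DLL),
O33 MountPoints2 handlers that run a file from a removable volume,
and the O32 CDRom AutoRun flag.  This parser classifies such lines so
an OTL log can be screened automatically.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the O32/O33/O4 lines from the fix script in the
# thread, plus one made-up benign O4 line for contrast.
SAMPLE_OTL = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{8cd2da96-f17b-11de-a911-0019d2137451}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{970b91a8-f1cf-11dd-a79e-0019d2137451}\Shell\verb1\command - "" = desktop.exe
O4 - HKCU..\Run: [Javajdk.exe]  File not found
O4 - HKCU..\Run: [Tjiwomukimup]  File not found
O4 - HKLM..\Run: [(De)Coder Cleaner]  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
"""

# Line formats as OTL prints them (O4 = Run keys, O33 = MountPoints2
# drive handlers, O32 = CDRom AutoRun value).
RUN_RE = re.compile(r"^O4 - (?P<hive>HKCU|HKLM)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<target>.*)$")
MP_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\'
                   r'(?P<verb>[^\\]+)\\[Cc]ommand - "" = (?P<cmd>.*)$')
CD_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$")


@dataclass
class Finding:
    line: str
    kind: str
    detail: str


def classify_handler(cmd: str) -> str:
    """Classify a MountPoints2 command as 'drive-root', 'volume-relative' or 'absolute'."""
    tokens = cmd.strip().split()
    if not tokens:
        return "empty"
    if len(tokens) == 1 and re.fullmatch(r"[A-Za-z]:\\", tokens[0]):
        return "drive-root"          # e.g. F:\ : a stale handler for a removed volume
    # For rundll32.exe the interesting part is the DLL it is told to load.
    if tokens[0].lower() == "rundll32.exe" and len(tokens) > 1:
        target = tokens[1]
    else:
        target = tokens[0]
    # A relative path runs whatever sits on the inserted volume itself,
    # which is how autorun.inf-style infections spread from USB media.
    return "absolute" if re.match(r"^[A-Za-z]:\\", target) else "volume-relative"


def triage(log_text: str) -> List[Finding]:
    """Classify every recognised O4/O33/O32 line of an OTL log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RUN_RE.match(line)):
            if m["target"].strip() == "File not found":
                findings.append(Finding(line, "orphaned-run",
                                        f"{m['hive']} Run value [{m['name']}] has no file behind it; "
                                        "Windows still tries to start it at logon"))
            else:
                findings.append(Finding(line, "run-entry",
                                        f"{m['hive']} Run value [{m['name']}] -> {m['target']}"))
        elif (m := MP_RE.match(line)):
            kind = classify_handler(m["cmd"])
            findings.append(Finding(line, f"mountpoint-{kind}",
                                    f"{m['guid']} verb '{m['verb']}' runs: {m['cmd']}"))
        elif (m := CD_RE.match(line)):
            findings.append(Finding(line, "cdrom-autorun", f"CDRom AutoRun = {m['value']}"))
    return findings


def fix_candidates(findings: List[Finding]) -> List[str]:
    """Lines a helper would carry into an :OTL fix block: everything except
    Run values with an existing target and handlers with an absolute path."""
    keep_out = {"run-entry", "mountpoint-absolute"}
    return [f.line for f in findings if f.kind not in keep_out]


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    for f in results:
        print(f"{f.kind:26} {f.detail}")
    print("\n:OTL")
    for line in fix_candidates(results):
        print(line)
```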

g3k0 05.04.2011 12:58

Done as described. After the restart, the error message in question no longer appeared, which is already a good sign as far as I am concerned.
How does the system look? Is it clean now?
Thanks a lot in advance for the help!

Here is the log after the restart:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25bfd5c9-5908-11df-a9a2-0019d2137451}\ not found.
File F:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bfd5c9-5908-11df-a9a2-0019d2137451}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25bfd5c9-5908-11df-a9a2-0019d2137451}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd2da96-f17b-11de-a911-0019d2137451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd2da96-f17b-11de-a911-0019d2137451}\ not found.
File wd_windows_tools\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{970b91a8-f1cf-11dd-a79e-0019d2137451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{970b91a8-f1cf-11dd-a79e-0019d2137451}\ not found.
File desktop.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\ not found.
File F:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf9e4cf1-6bd6-11de-a850-0019d2137451}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Javajdk.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tjiwomukimup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\(De)Coder Cleaner deleted successfully.
========== COMMANDS ==========
C:\WINXP\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Gast
->Temp folder emptied: 56920 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3325807 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 1892900 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 627540 bytes
 
User: ***
->Temp folder emptied: 186461347 bytes
->Temporary Internet Files folder emptied: 51175349 bytes
->Java cache emptied: 14611272 bytes
->FireFox cache emptied: 54596062 bytes
->Flash cache emptied: 2123643 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18330 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 303,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04052011_135219

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 05.04.2011 13:42

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

g3k0 05.04.2011 14:20

Okay, everything done as instructed.


Here is the log:

Code:

ComboFix 11-04-04.02 - *** 05.04.2011  15:08:36.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1505 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\***\Anwendungsdaten\SQLite3.dll
c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}
c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}\chrome.manifest
c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}\chrome\content\_cfg.js
c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}\chrome\content\overlay.xul
c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{7C82E17F-2758-4EA2-BDDD-F75EFA5F89C1}\install.rdf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-05 bis 2011-04-05  ))))))))))))))))))))))))))))))
.
.
2011-04-05 12:53 . 2011-04-05 12:53        --------        d-----w-        c:\programme\CCleaner
2011-04-05 11:52 . 2011-04-05 11:52        --------        d-----w-        C:\_OTL
2011-04-04 13:13 . 2011-04-04 13:13        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2011-04-04 13:13 . 2011-04-04 13:13        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-04 13:13 . 2010-12-20 16:09        38224        ----a-w-        c:\winxp\system32\drivers\mbamswissarmy.sys
2011-04-04 13:12 . 2011-04-04 13:13        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-04-04 13:12 . 2010-12-20 16:08        20952        ----a-w-        c:\winxp\system32\drivers\mbam.sys
2011-04-01 23:22 . 2011-04-01 23:22        --------        d-----w-        c:\programme\Deutscher Anwaltverlag
2011-04-01 23:21 . 1998-11-17 12:44        328704        ----a-w-        c:\winxp\IsUn0407.exe
2011-03-22 23:59 . 2011-03-22 23:59        781272        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll
2011-03-22 23:59 . 2011-03-22 23:59        728024        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll
2011-03-22 23:59 . 2011-03-22 23:59        1874904        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll
2011-03-22 23:59 . 2011-03-22 23:59        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll
2011-03-22 23:59 . 2011-03-22 23:59        142296        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll
2011-03-22 23:59 . 2011-03-22 23:59        1975768        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_42.dll
2011-03-22 23:59 . 2011-03-22 23:59        1893336        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_42.dll
2011-03-22 23:59 . 2011-03-22 23:59        142296        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2011-03-15 12:08 . 2011-03-15 12:24        --------        d-----w-        c:\programme\Walaber's Trampoline
2011-03-14 15:16 . 2011-03-14 15:19        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeReturner
2011-03-14 15:16 . 2011-03-14 15:20        --------        d-----w-        c:\programme\Safe Returner
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\programme\Internet Explorer\Plugins\nppdf32.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2011-02-28 22:32        472808        ----a-w-        c:\winxp\system32\deployJava1.dll
2011-02-02 18:19 . 2010-03-12 12:34        73728        ----a-w-        c:\winxp\system32\javacpl.cpl
2011-02-01 22:54 . 2011-02-01 22:54        8952        ----a-w-        c:\winxp\system32\vpncategories.dll
2011-02-01 22:53 . 2011-02-01 22:53        28920        ----a-w-        c:\winxp\system32\vpnevents.dll
2011-02-01 22:33 . 2011-02-01 22:33        19680        ----a-w-        c:\winxp\system32\drivers\vpnva.sys
2011-03-22 23:59 . 2011-03-22 23:59        142296        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-07-08 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\winxp\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programme\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"Steam"="c:\programme\valve\steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIOCameraUtility"="c:\programme\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2006-04-25 7573504]
"nwiz"="nwiz.exe" [2006-04-25 1519616]
"NvMediaCenter"="c:\winxp\system32\NvMcTray.dll" [2006-04-25 86016]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Diamondback"="c:\programme\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"RemoteControl9"="c:\programme\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\programme\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\programme\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-07-07 198160]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Samsung PanelMgr"="c:\winxp\Samsung\PanelMgr\SSMMgr.exe" [2009-08-28 606208]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
RAMASST.lnk - c:\winxp\system32\RAMASST.exe [2008-12-10 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 10:21        73728        ----a-w-        c:\winxp\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Hamachi2Svc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINXP\\system32\\PnkBstrA.exe"=
"c:\\WINXP\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINXP\\system32\\javaw.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINXP\\system32\\mmc.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\g3k0677\\condition zero deleted scenes\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\g3k0677\\condition zero\\hl.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\g3k0677\\counter-strike\\hl.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [10.12.2008 14:15 717296]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/25 01:31];c:\programme\CyberLink\PowerDVD9\000.fcl [30.03.2009 17:53 87536]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [02.02.2011 00:48 604408]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\winxp\system32\drivers\DB3G.sys [20.04.2009 16:32 13225]
S2 gupdate1c9e43c1254083c;Google Update Service (gupdate1c9e43c1254083c);c:\programme\Google\Update\GoogleUpdate.exe [03.06.2009 13:11 133104]
S2 KeenfinderSrch Service;KeenfinderSrch Service;"c:\dokumente und einstellungen\All Users\Anwendungsdaten\KeenfinderSrch\keenfinder137.exe" "c:\programme\KeenfinderSrch\keenfinder.dll" Service --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\KeenfinderSrch\keenfinder137.exe [?]
S2 SSPORT;SSPORT;\??\c:\winxp\system32\Drivers\SSPORT.sys --> c:\winxp\system32\Drivers\SSPORT.sys [?]
S3 cpudrv;cpudrv;c:\programme\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [06.12.2010 09:31 1238408]
S3 RegKernelHelp;RegKernelHelp;\??\c:\programme\Safe Returner\RegKernelHelp.sys --> c:\programme\Safe Returner\RegKernelHelp.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2009-02-24 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:04]
.
2011-04-05 c:\winxp\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-03 11:09]
.
2010-10-14 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-03 11:11]
.
2010-10-14 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-03 11:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://shop.thefreevpn.com/home.php
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\usxna8c1.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-05 15:12
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1682526488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A1D73F2-5A86-F7E2-0D1F-0AF9F216E56A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eakdmilmhm"=hex:66,61,61,67,6c,67,66,6f,68,6c,70,67,00,31
"danebmjn"=hex:64,62,6f,63,63,6a,61,70,63,70,6f,66,67,6d,6b,6e,6d,69,6c,6c,64,
  6b,66,65,69,6e,69,66,70,66,6c,6a,6e,66,6b,65,61,66,6b,67,00,00
"iacdaflnhddfncebgo"=hex:69,61,61,63,65,68,69,62,67,6e,6c,67,64,6b,65,6b,6b,6b,
  00,00
"haibggaohmobjldk"=hex:69,61,61,63,65,68,69,62,67,6e,6c,67,64,6b,65,6b,6b,6b,
  00,00
.
[HKEY_USERS\S-1-5-21-1614895754-1682526488-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:ff,bc,a0,b0,32,2f,22,bd,2c,43,4e,9f,dd,a0,db,5e,9d,d0,dc,2b,01,
  b8,10,4f,f5,0d,46,81,f7,6a,f3,74,73,22,44,01,7e,a2,2f,ae,7a,54,e9,fb,66,ed,\
"rkeysecu"=hex:62,f0,35,c8,5b,6e,c1,55,5e,a4,a4,5b,81,dd,50,91
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\winxp\system32\VESWinlogon.dll
.
Zeit der Fertigstellung: 2011-04-05  15:15:13
ComboFix-quarantined-files.txt  2011-04-05 13:15
.
Vor Suchlauf: 11 Verzeichnis(se), 67.009.175.552 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 66.960.281.600 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5BCF3F4FDBEDFB75C0A0F95A137E341A


cosinus 05.04.2011 14:56

ComboFix scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.


Code:

Regnull::
[HKEY_USERS\S-1-5-21-1614895754-1682526488-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A1D73F2-5A86-F7E2-0D1F-0AF9F216E56A}*]

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be installed.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

g3k0 05.04.2011 15:32

Here is what happened:
After the restart, which it did not ask me about but performed automatically, it gave me an error message saying that a "serious problem has been fixed and the system is now running again", or something like that. Naturally I clicked "Don't send".
Where is the log you want from me? In any case none was opened automatically after the restart, and it is not on the desktop either.
I hope I haven't done anything wrong?

cosinus 05.04.2011 17:37

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

g3k0 05.04.2011 17:53

The Kaspersky tool was run as described. The computer was not restarted.
It made one detection, where I clicked "Continue". Was that right?

Here is the log:
Code:

2011/04/05 18:50:29.0671 0728        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/05 18:50:30.0140 0728        ================================================================================
2011/04/05 18:50:30.0140 0728        SystemInfo:
2011/04/05 18:50:30.0140 0728       
2011/04/05 18:50:30.0140 0728        OS Version: 5.1.2600 ServicePack: 3.0
2011/04/05 18:50:30.0140 0728        Product type: Workstation
2011/04/05 18:50:30.0140 0728        ComputerName: ***
2011/04/05 18:50:30.0140 0728        UserName: ***
2011/04/05 18:50:30.0140 0728        Windows directory: C:\WINXP
2011/04/05 18:50:30.0140 0728        System windows directory: C:\WINXP
2011/04/05 18:50:30.0140 0728        Processor architecture: Intel x86
2011/04/05 18:50:30.0140 0728        Number of processors: 2
2011/04/05 18:50:30.0140 0728        Page size: 0x1000
2011/04/05 18:50:30.0140 0728        Boot type: Normal boot
2011/04/05 18:50:30.0140 0728        ================================================================================
2011/04/05 18:50:30.0765 0728        Initialize success
2011/04/05 18:50:35.0812 0352        ================================================================================
2011/04/05 18:50:35.0812 0352        Scan started
2011/04/05 18:50:35.0812 0352        Mode: Manual;
2011/04/05 18:50:35.0812 0352        ================================================================================
2011/04/05 18:50:38.0062 0352        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINXP\system32\DRIVERS\ACPI.sys
2011/04/05 18:50:38.0109 0352        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINXP\system32\DRIVERS\ACPIEC.sys
2011/04/05 18:50:38.0156 0352        actser          (6463d1db354b13e6ced4d67f6e4910f4) C:\WINXP\system32\drivers\actser.sys
2011/04/05 18:50:38.0218 0352        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINXP\system32\drivers\aec.sys
2011/04/05 18:50:38.0265 0352        AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINXP\system32\DRIVERS\AegisP.sys
2011/04/05 18:50:38.0312 0352        AFD            (4d43e74f2a1239d53929b82600f1971c) C:\WINXP\System32\drivers\afd.sys
2011/04/05 18:50:38.0531 0352        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINXP\system32\DRIVERS\arp1394.sys
2011/04/05 18:50:38.0625 0352        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINXP\system32\DRIVERS\asyncmac.sys
2011/04/05 18:50:38.0687 0352        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINXP\system32\DRIVERS\atapi.sys
2011/04/05 18:50:38.0734 0352        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINXP\system32\DRIVERS\atmarpc.sys
2011/04/05 18:50:38.0765 0352        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINXP\system32\DRIVERS\audstub.sys
2011/04/05 18:50:38.0843 0352        avgio          (87828ecd657f81503465ac705e845076) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/04/05 18:50:38.0875 0352        avgntflt        (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2011/04/05 18:50:39.0000 0352        avipbb          (0b09df022250fb7ba91fb932eac6ea9b) C:\WINXP\system32\DRIVERS\avipbb.sys
2011/04/05 18:50:39.0031 0352        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINXP\system32\drivers\Beep.sys
2011/04/05 18:50:39.0093 0352        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINXP\system32\DRIVERS\BrScnUsb.sys
2011/04/05 18:50:39.0203 0352        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINXP\system32\drivers\cbidf2k.sys
2011/04/05 18:50:39.0250 0352        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINXP\system32\DRIVERS\CCDECODE.sys
2011/04/05 18:50:39.0406 0352        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINXP\system32\drivers\Cdaudio.sys
2011/04/05 18:50:39.0453 0352        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINXP\system32\drivers\Cdfs.sys
2011/04/05 18:50:39.0500 0352        cdrbsdrv        (351735695e9ead93de6af85d8beb1ca8) C:\WINXP\system32\drivers\cdrbsdrv.sys
2011/04/05 18:50:39.0531 0352        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINXP\system32\DRIVERS\cdrom.sys
2011/04/05 18:50:39.0578 0352        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINXP\system32\DRIVERS\CmBatt.sys
2011/04/05 18:50:39.0609 0352        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINXP\system32\DRIVERS\compbatt.sys
2011/04/05 18:50:39.0718 0352        cpudrv          (d01f685f8b4598d144b0cce9ff95d8d5) C:\Programme\SystemRequirementsLab\cpudrv.sys
2011/04/05 18:50:39.0906 0352        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINXP\system32\DRIVERS\disk.sys
2011/04/05 18:50:39.0968 0352        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINXP\system32\drivers\dmboot.sys
2011/04/05 18:50:40.0031 0352        DMICall        (526192bf7696f72e29777bf4a180513a) C:\WINXP\system32\DRIVERS\DMICall.sys
2011/04/05 18:50:40.0078 0352        dmio            (53720ab12b48719d00e327da470a619a) C:\WINXP\system32\drivers\dmio.sys
2011/04/05 18:50:40.0109 0352        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINXP\system32\drivers\dmload.sys
2011/04/05 18:50:40.0156 0352        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINXP\system32\drivers\DMusic.sys
2011/04/05 18:50:40.0296 0352        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINXP\system32\drivers\drmkaud.sys
2011/04/05 18:50:40.0375 0352        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINXP\system32\drivers\Fastfat.sys
2011/04/05 18:50:40.0390 0352        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINXP\system32\drivers\Fdc.sys
2011/04/05 18:50:40.0421 0352        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINXP\system32\drivers\Fips.sys
2011/04/05 18:50:40.0437 0352        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINXP\system32\drivers\Flpydisk.sys
2011/04/05 18:50:40.0468 0352        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINXP\system32\DRIVERS\fltMgr.sys
2011/04/05 18:50:40.0515 0352        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINXP\system32\drivers\Fs_Rec.sys
2011/04/05 18:50:40.0578 0352        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINXP\system32\DRIVERS\ftdisk.sys
2011/04/05 18:50:40.0609 0352        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
2011/04/05 18:50:40.0671 0352        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINXP\system32\DRIVERS\msgpc.sys
2011/04/05 18:50:40.0750 0352        hamachi        (833051c6c6c42117191935f734cfbd97) C:\WINXP\system32\DRIVERS\hamachi.sys
2011/04/05 18:50:40.0828 0352        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINXP\system32\DRIVERS\HDAudBus.sys
2011/04/05 18:50:40.0890 0352        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINXP\system32\DRIVERS\hidusb.sys
2011/04/05 18:50:40.0953 0352        HSFHWAZL        (acc46dda7fece95a253ae88cea172e12) C:\WINXP\system32\DRIVERS\HSFHWAZL.sys
2011/04/05 18:50:41.0093 0352        HSF_DPV        (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINXP\system32\DRIVERS\HSF_DPV.sys
2011/04/05 18:50:41.0234 0352        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINXP\system32\Drivers\HTTP.sys
2011/04/05 18:50:41.0328 0352        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINXP\system32\DRIVERS\i8042prt.sys
2011/04/05 18:50:41.0343 0352        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINXP\system32\DRIVERS\imapi.sys
2011/04/05 18:50:41.0406 0352        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINXP\system32\DRIVERS\intelppm.sys
2011/04/05 18:50:41.0437 0352        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINXP\system32\DRIVERS\Ip6Fw.sys
2011/04/05 18:50:41.0531 0352        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINXP\system32\DRIVERS\ipfltdrv.sys
2011/04/05 18:50:41.0562 0352        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINXP\system32\DRIVERS\ipinip.sys
2011/04/05 18:50:41.0656 0352        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINXP\system32\DRIVERS\ipnat.sys
2011/04/05 18:50:41.0703 0352        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINXP\system32\DRIVERS\ipsec.sys
2011/04/05 18:50:41.0734 0352        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINXP\system32\DRIVERS\irenum.sys
2011/04/05 18:50:41.0781 0352        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINXP\system32\DRIVERS\isapnp.sys
2011/04/05 18:50:41.0812 0352        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINXP\system32\DRIVERS\kbdclass.sys
2011/04/05 18:50:41.0921 0352        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINXP\system32\DRIVERS\kbdhid.sys
2011/04/05 18:50:41.0968 0352        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINXP\system32\drivers\kmixer.sys
2011/04/05 18:50:42.0046 0352        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINXP\system32\drivers\KSecDD.sys
2011/04/05 18:50:42.0125 0352        LHidUsbK        (6d3730e50f5dc7ae22843a0fa6176d41) C:\WINXP\system32\Drivers\LHidUsbK.Sys
2011/04/05 18:50:42.0187 0352        mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINXP\system32\DRIVERS\mdmxsdk.sys
2011/04/05 18:50:42.0234 0352        meiudf          (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINXP\system32\Drivers\meiudf.sys
2011/04/05 18:50:42.0343 0352        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINXP\system32\drivers\mnmdd.sys
2011/04/05 18:50:42.0390 0352        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINXP\system32\drivers\Modem.sys
2011/04/05 18:50:42.0468 0352        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINXP\system32\DRIVERS\mouclass.sys
2011/04/05 18:50:42.0484 0352        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINXP\system32\DRIVERS\mouhid.sys
2011/04/05 18:50:42.0500 0352        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINXP\system32\drivers\MountMgr.sys
2011/04/05 18:50:42.0546 0352        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINXP\system32\DRIVERS\mrxdav.sys
2011/04/05 18:50:42.0609 0352        MRxSmb          (d09b9f0b9960dd41e73127b7814c115f) C:\WINXP\system32\DRIVERS\mrxsmb.sys
2011/04/05 18:50:42.0640 0352        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINXP\system32\drivers\Msfs.sys
2011/04/05 18:50:42.0687 0352        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINXP\system32\drivers\MSKSSRV.sys
2011/04/05 18:50:42.0765 0352        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINXP\system32\drivers\MSPCLOCK.sys
2011/04/05 18:50:42.0937 0352        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINXP\system32\drivers\MSPQM.sys
2011/04/05 18:50:43.0125 0352        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINXP\system32\DRIVERS\mssmbios.sys
2011/04/05 18:50:43.0156 0352        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINXP\system32\drivers\MSTEE.sys
2011/04/05 18:50:43.0187 0352        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINXP\system32\drivers\Mup.sys
2011/04/05 18:50:43.0218 0352        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINXP\system32\DRIVERS\NABTSFEC.sys
2011/04/05 18:50:43.0296 0352        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINXP\system32\drivers\NDIS.sys
2011/04/05 18:50:43.0328 0352        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINXP\system32\DRIVERS\NdisIP.sys
2011/04/05 18:50:43.0359 0352        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINXP\system32\DRIVERS\ndistapi.sys
2011/04/05 18:50:43.0406 0352        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINXP\system32\DRIVERS\ndisuio.sys
2011/04/05 18:50:43.0484 0352        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINXP\system32\DRIVERS\ndiswan.sys
2011/04/05 18:50:43.0500 0352        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINXP\system32\drivers\NDProxy.sys
2011/04/05 18:50:43.0515 0352        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINXP\system32\DRIVERS\netbios.sys
2011/04/05 18:50:43.0562 0352        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINXP\system32\DRIVERS\netbt.sys
2011/04/05 18:50:43.0656 0352        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINXP\system32\DRIVERS\nic1394.sys
2011/04/05 18:50:43.0687 0352        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINXP\system32\DRIVERS\NMnt.sys
2011/04/05 18:50:43.0703 0352        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINXP\system32\drivers\Npfs.sys
2011/04/05 18:50:43.0750 0352        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINXP\system32\drivers\Ntfs.sys
2011/04/05 18:50:43.0796 0352        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINXP\system32\drivers\Null.sys
2011/04/05 18:50:43.0968 0352        nv              (ab1fd9eb3f2295527954d6538648bd2d) C:\WINXP\system32\DRIVERS\nv4_mini.sys
2011/04/05 18:50:44.0156 0352        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINXP\system32\DRIVERS\nwlnkflt.sys
2011/04/05 18:50:44.0171 0352        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
2011/04/05 18:50:44.0203 0352        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINXP\system32\DRIVERS\ohci1394.sys
2011/04/05 18:50:44.0265 0352        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINXP\system32\drivers\Parport.sys
2011/04/05 18:50:44.0296 0352        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINXP\system32\drivers\PartMgr.sys
2011/04/05 18:50:44.0343 0352        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINXP\system32\drivers\ParVdm.sys
2011/04/05 18:50:44.0375 0352        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINXP\system32\DRIVERS\pci.sys
2011/04/05 18:50:44.0421 0352        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINXP\system32\DRIVERS\pciide.sys
2011/04/05 18:50:44.0437 0352        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINXP\system32\DRIVERS\pcmcia.sys
2011/04/05 18:50:44.0609 0352        PnkBstrK        (580c066b3fd4fb6096243cbb8a2e0cc2) C:\WINXP\system32\drivers\PnkBstrK.sys
2011/04/05 18:50:44.0687 0352        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINXP\system32\DRIVERS\raspptp.sys
2011/04/05 18:50:44.0703 0352        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINXP\system32\DRIVERS\psched.sys
2011/04/05 18:50:44.0781 0352        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINXP\system32\DRIVERS\ptilink.sys
2011/04/05 18:50:44.0828 0352        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINXP\system32\Drivers\PxHelp20.sys
2011/04/05 18:50:44.0921 0352        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINXP\system32\DRIVERS\rasacd.sys
2011/04/05 18:50:44.0968 0352        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINXP\system32\DRIVERS\rasl2tp.sys
2011/04/05 18:50:44.0984 0352        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINXP\system32\DRIVERS\raspppoe.sys
2011/04/05 18:50:45.0000 0352        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINXP\system32\DRIVERS\raspti.sys
2011/04/05 18:50:45.0046 0352        Razerlow        (116c340acf37602d12cac6de6b8107cd) C:\WINXP\system32\Drivers\DB3G.sys
2011/04/05 18:50:45.0078 0352        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINXP\system32\DRIVERS\rdbss.sys
2011/04/05 18:50:45.0093 0352        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINXP\system32\DRIVERS\RDPCDD.sys
2011/04/05 18:50:45.0171 0352        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINXP\system32\DRIVERS\rdpdr.sys
2011/04/05 18:50:45.0218 0352        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINXP\system32\drivers\RDPWD.sys
2011/04/05 18:50:45.0281 0352        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINXP\system32\DRIVERS\redbook.sys
2011/04/05 18:50:45.0421 0352        s24trans        (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINXP\system32\DRIVERS\s24trans.sys
2011/04/05 18:50:45.0468 0352        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINXP\system32\DRIVERS\secdrv.sys
2011/04/05 18:50:45.0500 0352        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINXP\system32\drivers\Serial.sys
2011/04/05 18:50:45.0546 0352        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINXP\system32\drivers\Sfloppy.sys
2011/04/05 18:50:45.0656 0352        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINXP\system32\DRIVERS\SLIP.sys
2011/04/05 18:50:45.0703 0352        SNC            (1a992c8136c015453e82041c35b299da) C:\WINXP\system32\DRIVERS\SonyNC.sys
2011/04/05 18:50:45.0796 0352        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINXP\system32\drivers\splitter.sys
2011/04/05 18:50:45.0890 0352        sptd            (71e276f6d189413266ea22171806597b) C:\WINXP\system32\Drivers\sptd.sys
2011/04/05 18:50:45.0890 0352        Suspicious file (NoAccess): C:\WINXP\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/05 18:50:45.0890 0352        sptd - detected Locked file (1)
2011/04/05 18:50:45.0921 0352        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINXP\system32\DRIVERS\sr.sys
2011/04/05 18:50:45.0968 0352        Srv            (422e4508508015c7d12f40bf9763f158) C:\WINXP\system32\DRIVERS\srv.sys
2011/04/05 18:50:46.0046 0352        ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\WINXP\system32\DRIVERS\ssmdrv.sys
2011/04/05 18:50:46.0171 0352        STHDA          (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINXP\system32\drivers\sthda.sys
2011/04/05 18:50:46.0343 0352        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINXP\system32\DRIVERS\StreamIP.sys
2011/04/05 18:50:46.0421 0352        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINXP\system32\DRIVERS\swenum.sys
2011/04/05 18:50:46.0453 0352        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINXP\system32\drivers\swmidi.sys
2011/04/05 18:50:46.0578 0352        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINXP\system32\drivers\sysaudio.sys
2011/04/05 18:50:46.0640 0352        tap0901        (2e644070f2240cca9775a6b79cae62cd) C:\WINXP\system32\DRIVERS\tap0901.sys
2011/04/05 18:50:46.0687 0352        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINXP\system32\DRIVERS\tcpip.sys
2011/04/05 18:50:46.0718 0352        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINXP\system32\drivers\TDPIPE.sys
2011/04/05 18:50:46.0812 0352        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINXP\system32\drivers\TDTCP.sys
2011/04/05 18:50:46.0859 0352        TermDD          (88155247177638048422893737429d9e) C:\WINXP\system32\DRIVERS\termdd.sys
2011/04/05 18:50:46.0968 0352        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINXP\system32\drivers\Udfs.sys
2011/04/05 18:50:47.0046 0352        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINXP\system32\DRIVERS\update.sys
2011/04/05 18:50:47.0093 0352        USBAAPL        (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINXP\system32\Drivers\usbaapl.sys
2011/04/05 18:50:47.0187 0352        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINXP\system32\DRIVERS\usbccgp.sys
2011/04/05 18:50:47.0218 0352        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINXP\system32\DRIVERS\usbehci.sys
2011/04/05 18:50:47.0265 0352        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINXP\system32\DRIVERS\usbhub.sys
2011/04/05 18:50:47.0312 0352        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINXP\system32\DRIVERS\usbprint.sys
2011/04/05 18:50:47.0359 0352        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINXP\system32\DRIVERS\USBSTOR.SYS
2011/04/05 18:50:47.0375 0352        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINXP\system32\DRIVERS\usbuhci.sys
2011/04/05 18:50:47.0421 0352        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINXP\system32\Drivers\usbvideo.sys
2011/04/05 18:50:47.0468 0352        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINXP\System32\drivers\vga.sys
2011/04/05 18:50:47.0562 0352        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINXP\system32\drivers\VolSnap.sys
2011/04/05 18:50:47.0609 0352        vpnva          (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINXP\system32\DRIVERS\vpnva.sys
2011/04/05 18:50:47.0703 0352        vsbus          (1c8a783e90c34d205596f1ab4a97e261) C:\WINXP\system32\DRIVERS\vsb.sys
2011/04/05 18:50:47.0765 0352        vserial        (3377daa1cb8cac46a538c236f5f3d58f) C:\WINXP\system32\DRIVERS\vserial.sys
2011/04/05 18:50:47.0875 0352        w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINXP\system32\DRIVERS\w39n51.sys
2011/04/05 18:50:48.0000 0352        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINXP\system32\DRIVERS\wanarp.sys
2011/04/05 18:50:48.0062 0352        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINXP\system32\drivers\wdmaud.sys
2011/04/05 18:50:48.0171 0352        winachsf        (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINXP\system32\DRIVERS\HSF_CNXT.sys
2011/04/05 18:50:48.0265 0352        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINXP\system32\DRIVERS\wpdusb.sys
2011/04/05 18:50:48.0312 0352        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINXP\system32\DRIVERS\WSTCODEC.SYS
2011/04/05 18:50:48.0375 0352        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINXP\system32\DRIVERS\WudfPf.sys
2011/04/05 18:50:48.0468 0352        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINXP\system32\DRIVERS\wudfrd.sys
2011/04/05 18:50:48.0562 0352        {B154377D-700F-42cc-9474-23858FBDF4BD} (556b5cfe8d21b256add7f87d7f4b4123) C:\Programme\CyberLink\PowerDVD9\000.fcl
2011/04/05 18:50:48.0734 0352        ================================================================================
2011/04/05 18:50:48.0734 0352        Scan finished
2011/04/05 18:50:48.0734 0352        ================================================================================
2011/04/05 18:50:48.0750 1620        Detected object count: 1
2011/04/05 18:51:02.0187 1620        Locked file(sptd) - User select action: Skip

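The TDSSKiller log above is a flat text dump: one inventory line per driver (service name, MD5, path) plus a few free-form lines for anything the scanner could not inspect. The entries a helper actually needs are the handful that say "Suspicious file", "detected" or "User select action", tied back to the driver they refer to. The following parser, added here as an example and not code from this thread, from Kaspersky or from TDSSKiller itself, does that join and reports which findings were left unresolved (skipped) and which drivers live outside the Windows directory. The sample lines are constructed from the format shown in the log above; the regular expressions are assumptions based on that format, not a published specification.

```python
"""Parse TDSSKiller-style log lines and pull out the entries that need a human's eye."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the format of the log posted above (same hashes and paths).
SAMPLE_LOG = r"""
2011/04/05 18:50:38.0062 0352        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINXP\system32\DRIVERS\ACPI.sys
2011/04/05 18:50:38.0843 0352        avgio          (87828ecd657f81503465ac705e845076) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
2011/04/05 18:50:45.0890 0352        sptd            (71e276f6d189413266ea22171806597b) C:\WINXP\system32\Drivers\sptd.sys
2011/04/05 18:50:45.0890 0352        Suspicious file (NoAccess): C:\WINXP\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/05 18:50:45.0890 0352        sptd - detected Locked file (1)
2011/04/05 18:50:48.0750 1620        Detected object count: 1
2011/04/05 18:51:02.0187 1620        Locked file(sptd) - User select action: Skip
"""

# Every line starts with a timestamp and a four-digit hex thread id, then the message.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>[0-9A-Fa-f]{4})\s+(?P<msg>.*)$")
# Inventory line: service name, MD5 in parentheses, file path (the path may contain spaces).
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# "Suspicious file (<reason>): <path>. md5: <hash>"
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})$")
# "<name> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?)(?: \(\d+\))?$")
# "<verdict>(<name>) - User select action: <action>"
ACTION_RE = re.compile(r"^(?P<verdict>[A-Za-z ]+?)\((?P<name>[^)]+)\) - User select action: (?P<action>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    name: str
    md5: str = ""
    path: str = ""
    reason: str = ""   # why the scanner could not inspect the file, e.g. NoAccess
    verdict: str = ""  # the scanner's classification, e.g. "Locked file"
    action: str = ""   # what the operator chose when prompted, e.g. Skip


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)    # keyed by service name
    findings: Dict[str, Finding] = field(default_factory=dict)  # keyed by service name
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    """Build a Report from raw log text; lines that match no known shape are ignored."""
    report = Report()
    by_md5: Dict[str, Driver] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        msg = line["msg"].strip()
        if (m := SUSPICIOUS_RE.match(msg)):
            # Tie the suspicious-file line back to the inventory entry through its MD5.
            drv = by_md5.get(m["md5"])
            name = drv.name if drv else m["path"]
            f = report.findings.setdefault(name, Finding(name=name))
            f.md5, f.path, f.reason = m["md5"], m["path"], m["reason"]
        elif (m := DETECTED_RE.match(msg)):
            f = report.findings.setdefault(m["name"], Finding(name=m["name"]))
            f.verdict = m["verdict"]
        elif (m := ACTION_RE.match(msg)):
            f = report.findings.setdefault(m["name"], Finding(name=m["name"]))
            f.verdict = f.verdict or m["verdict"]
            f.action = m["action"]
        elif (m := COUNT_RE.match(msg)):
            report.detected_count = int(m["n"])
        elif (m := DRIVER_RE.match(msg)):
            drv = Driver(m["name"], m["md5"], m["path"])
            report.drivers[drv.name] = drv
            by_md5[drv.md5] = drv
    return report


def unresolved_findings(report: Report) -> List[Finding]:
    """Findings the operator skipped or never acted on: the file is still on disk."""
    return [f for f in report.findings.values() if f.action in ("", "Skip")]


def third_party_drivers(report: Report, windows_dir: str = "C:\\WINXP") -> List[Driver]:
    """Drivers loaded from outside the Windows directory; worth a second look in triage."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [d for d in report.drivers.values() if not d.path.lower().startswith(prefix)]


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers inventoried, detected objects: {rep.detected_count}")
    for f in unresolved_findings(rep):
        print(f"UNRESOLVED {f.name}: {f.verdict} ({f.reason}) at {f.path} -> action {f.action!r}")
    for d in third_party_drivers(rep):
        print(f"third-party driver {d.name}: {d.path}")
```

Run against the log in this thread, the only finding is the sptd entry, which the scanner reports as a locked file rather than as a confirmed infection and which the user left in place by choosing Skip; the parser surfaces exactly that, so the helper does not have to read two hundred inventory lines to find it.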

cosinus 05.04.2011 18:20

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.
Please post the contents of that .txt document.

g3k0 06.04.2011 01:35

So, finally.. GMER took rather long, about 4 hours. I hope that's nothing unusual!


Here is the GMER log:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-06 01:51:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHW2120BH rev.00000012
Running: 2rs9k0f3.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uwlyapob.sys


---- System - GMER 1.0.15 ----

SSDT      spno.sys                                                                                                            ZwCreateKey [0xB9EA80E0]
SSDT      BA79D15C                                                                                                            ZwCreateThread
SSDT      spno.sys                                                                                                            ZwEnumerateKey [0xB9EC6CA2]
SSDT      spno.sys                                                                                                            ZwEnumerateValueKey [0xB9EC7030]
SSDT      spno.sys                                                                                                            ZwOpenKey [0xB9EA80C0]
SSDT      BA79D148                                                                                                            ZwOpenProcess
SSDT      BA79D14D                                                                                                            ZwOpenThread
SSDT      spno.sys                                                                                                            ZwQueryKey [0xB9EC7108]
SSDT      spno.sys                                                                                                            ZwQueryValueKey [0xB9EC6F88]
SSDT      spno.sys                                                                                                            ZwSetValueKey [0xB9EC719A]
SSDT      BA79D157                                                                                                            ZwTerminateProcess
SSDT      BA79D152                                                                                                            ZwWriteVirtualMemory

INT 0x62  ?                                                                                                                    89DE1BF8
INT 0x63  ?                                                                                                                    89C1ABF8
INT 0x73  ?                                                                                                                    89C1ABF8
INT 0x83  ?                                                                                                                    89C1ABF8
INT 0x84  ?                                                                                                                    89C1ABF8
INT 0xA4  ?                                                                                                                    89DE1BF8

---- Kernel code sections - GMER 1.0.15 ----

?        spno.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    C:\WINXP\system32\DRIVERS\nv4_mini.sys                                                                              section is writeable [0xB9184360, 0x221C0D, 0xE8000020]
.text    USBPORT.SYS!DllUnload                                                                                                B8FDF8AC 5 Bytes  JMP 89C1A1D8
.text    aa1cuha9.SYS                                                                                                        B8F6D386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    aa1cuha9.SYS                                                                                                        B8F6D3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    aa1cuha9.SYS                                                                                                        B8F6D3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text    aa1cuha9.SYS                                                                                                        B8F6D3C9 1 Byte  [2E]
.text    aa1cuha9.SYS                                                                                                        B8F6D3C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text    ...                                                                                                                 
.text    C:\Programme\CyberLink\PowerDVD9\000.fcl                                                                            section is writeable [0xB48A0000, 0x2892, 0xE8000020]
.vmp2    C:\Programme\CyberLink\PowerDVD9\000.fcl                                                                            entry point in ".vmp2" section [0xB48C3050]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EA9040] spno.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EA913C] spno.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [B9EA90BE] spno.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [B9EA97FC] spno.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [B9EA96D2] spno.sys
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B9EB9048] spno.sys
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!KfAcquireSpinLock]                                                C0840CEC
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!READ_PORT_UCHAR]                                                  053C0D74
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!KeGetCurrentIrql]                                                  57B80974
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!KfRaiseIrql]                                                      8B000000
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!KfLowerIrql]                                                      56C35DE5
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!HalGetInterruptVector]                                            8D08758B
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!HalTranslateBusAddress]                                            8D51FC4D
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!KeStallExecutionProcessor]                                        8D52FD55
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!KfReleaseSpinLock]                                                8D51FE4D
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          8D52FF55
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!READ_PORT_USHORT]                                                  8D51F84D
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          5052F455
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  EACAE856
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[WMILIB.SYS!WmiSystemControl]                                              0FC08520
IAT      \SystemRoot\System32\Drivers\aa1cuha9.SYS[WMILIB.SYS!WmiCompleteRequest]                                            0001B185

---- User IAT/EAT - GMER 1.0.15 ----

IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\explorer.exe [KERNEL32.dll!GetProcAddress]                                    [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                          [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                              [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                              [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                          [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                          [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT      C:\WINXP\explorer.exe[3112] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                            [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              89DE01F8
Device    \FileSystem\Udfs \UdfsCdRom                                                                                          89B4D500
Device    \FileSystem\Udfs \UdfsDisk                                                                                          89B4D500
Device    \Driver\PCI_PNP2402 \Device\00000051                                                                                spno.sys
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    89C19500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    89C19500
Device    \Driver\usbehci \Device\USBPDO-2                                                                                    89BEB1F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                    89C19500
Device    \Driver\usbuhci \Device\USBPDO-4                                                                                    89C19500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              89E501F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        89BB31F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                          [B9E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\Cdrom \Device\CdRom1                                                                                        89BB31F8
Device    \Driver\Cdrom \Device\CdRom2                                                                                        89BB31F8
Device    \Driver\sptd \Device\2105454902                                                                                      spno.sys
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              891471F8
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    891471F8
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    89C19500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    89C19500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8911F1F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    89C19500
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8911F1F8
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                    89C19500
Device    \Driver\Ftdisk \Device\FtControl                                                                                    89E501F8
Device    \Driver\usbehci \Device\USBFDO-4                                                                                    89BEB1F8
Device    \Driver\aa1cuha9 \Device\Scsi\aa1cuha91Port3Path0Target0Lun0                                                        89BA51F8
Device    \Driver\aa1cuha9 \Device\Scsi\aa1cuha91Port3Path0Target1Lun0                                                        89BA51F8
Device    \Driver\aa1cuha9 \Device\Scsi\aa1cuha91                                                                              89BA51F8
Device    \FileSystem\Cdfs \Cdfs                                                                                              89BCB500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0xF1 0x96 0xD7 0x8F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x04 0x8A 0xB1 0x50 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x7B 0x54 0xA3 0x17 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xFC 0xA4 0x70 0xA7 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xF1 0x96 0xD7 0x8F ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x04 0x8A 0xB1 0x50 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x7B 0x54 0xA3 0x17 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xFC 0xA4 0x70 0xA7 ...
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                  15
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                      10000
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                    yes
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                 
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                  90
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                    10000
Reg      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs                                  1

---- EOF - GMER 1.0.15 ----


The OSAM log:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 02:15:38 on 06.04.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSndMgr.Cpl" - "Realtek Semiconductor Corp." - C:\WINXP\system32\ALSndMgr.Cpl
"diamondback.cpl" - "Razer Inc." - C:\WINXP\system32\diamondback.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINXP\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINXP\system32\javacpl.cpl
"LocalCOM.cpl" - "東芝公司" - C:\WINXP\system32\LocalCOM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINXP\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINXP\system32\nvtuicpl.cpl
"RTSndMgr.Cpl" - "Realtek Semiconductor Corp." - C:\WINXP\system32\RTSndMgr.Cpl
"stac97.cpl" - "SigmaTel, Inc." - C:\WINXP\system32\stac97.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINXP\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aa1cuha9" (aa1cuha9) - "Microsoft Corporation" - C:\WINXP\system32\drivers\aa1cuha9.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"actser" (actser) - "Siemens AG" - C:\WINXP\System32\drivers\actser.sys
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINXP\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Pascal\LOKALE~1\Temp\catchme.sys  (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\WINXP\system32\drivers\cdrbsdrv.sys
"Changer" (Changer) - ? - C:\WINXP\system32\drivers\Changer.sys  (File not found)
"cpudrv" (cpudrv) - ? - C:\Programme\SystemRequirementsLab\cpudrv.sys  (File found, but it contains no detailed information)
"DgiVecp" (DgiVecp) - ? - C:\WINXP\system32\Drivers\DgiVecp.sys  (File not found)
"ELTIMA Virtual Serial Ports Driver" (vserial) - "ELTIMA Software" - C:\WINXP\System32\DRIVERS\vserial.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINXP\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINXP\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINXP\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech SetPoint Mouse Filter Driver" (LMouKE) - ? - C:\WINXP\System32\DRIVERS\LMouKE.Sys  (File not found)
"Logitech SetPoint USB Receiver device driver" (LHidUsbK) - "Logitech, Inc." - C:\WINXP\System32\Drivers\LHidUsbK.Sys
"meiudf" (meiudf) - "Matsushita Electric Industrial Co.,Ltd." - C:\WINXP\System32\Drivers\meiudf.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINXP\System32\DRIVERS\nv4_mini.sys
"PCIDump" (PCIDump) - ? - C:\WINXP\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINXP\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINXP\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINXP\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINXP\system32\drivers\PDRFRAME.sys  (File not found)
"PnkBstrK" (PnkBstrK) - ? - C:\WINXP\system32\drivers\PnkBstrK.sys  (File found, but it contains no detailed information)
"Power Control [2009/04/25 01:31:49]" ({B154377D-700F-42cc-9474-23858FBDF4BD}) - ? - C:\Programme\CyberLink\PowerDVD9\000.fcl
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINXP\System32\Drivers\PxHelp20.sys
"RegKernelHelp" (RegKernelHelp) - ? - C:\Programme\Safe Returner\RegKernelHelp.sys  (File not found)
"Siemens Mobile Phone" (susbser) - ? - C:\WINXP\System32\DRIVERS\susbser.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINXP\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINXP\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - ? - C:\WINXP\system32\Drivers\SSPORT.sys  (File not found)
"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINXP\System32\DRIVERS\tap0901.sys
"uwlyapob" (uwlyapob) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\uwlyapob.sys  (Hidden registry entry, rootkit activity | File not found)
"Virtual Serial Bus Enumerator" (vsbus) - "ELTIMA Software" - C:\WINXP\System32\DRIVERS\vsb.sys
"WDICA" (WDICA) - ? - C:\WINXP\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINXP\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINXP\system32\Rundll32.exe c:\WINXP\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{83D96563-DB11-42DF-92F9-32CE7BA54ED8} "Altova Shortcut Drop Handler" - "Altova GmbH" - C:\WINXP\system32\LinkDropHandler.dll
{EE75AC21-B24F-11d3-BA80-00C0CA16AA37} "BenQ-Siemens Device" - ? -  (File not found | COM-object registry key not found)
{EE75AC22-B24F-11d3-BA80-00C0CA16AA37} "BenQ-Siemens Device ContextMenuHandler" - ? -  (File not found | COM-object registry key not found)
{EE75AC23-B24F-11d3-BA80-00C0CA16AA37} "BenQ-Siemens Device PropertySheetHandlers" - ? -  (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINXP\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINXP\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINXP\system32\nvcpl.dll
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINXP\System32\erasext.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINXP\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINXP\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{DF00DBF0-2C54-4564-838B-11B50DB0B2DD} "ReaConverter Shell Extension" - ? -  (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINXP\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINXP\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Programme\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINXP\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINXP\System32\XPSSHHDR.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{55963676-2F5E-4BAF-AC28-CF26AA587566} "Cisco AnyConnect VPN Client Web Control" - "Cisco Systems, Inc." - C:\WINXP\system32\vpnweb.ocx / https://vpn.uni-marburg.de/CACHE/stc/1/binaries/vpnweb.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINXP\system32\Macromed\Flash\Flash10a.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
"PartyPoker.com" - ? - C:\Programme\PartyGaming\PartyPoker\RunApp.exe  (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"RAMASST.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\WINXP\system32\RAMASST.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
"MsnMsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
"Steam" - "Valve Corporation" - "c:\programme\valve\steam\steam.exe" -silent
"swg" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"BDRegion" - "cyberlink" - C:\Programme\Cyberlink\Shared Files\brs.exe
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun
"Diamondback" - ? - C:\Programme\Razer\Diamondback 3G\razerhid.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
"ISBMgr.exe" - "Sony Corporation" - C:\Programme\Sony\ISB Utility\ISBMgr.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
"PDVD9LanguageShortcut" - "CyberLink Corp." - C:\Programme\CyberLink\PowerDVD9\Language\Language.exe
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"RemoteControl9" - "CyberLink Corp." - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe
"Samsung PanelMgr" - ? - C:\WINXP\Samsung\PanelMgr\SSMMgr.exe /autorun
"SonyPowerCfg" - "Sony Corporation" - "C:\Programme\Sony\VAIO Power Management\SPMgr.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"Switcher.exe" - "Sony Corporation" - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
"VAIOCameraUtility" - "Sony Corporation" - "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINXP\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINXP\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Personal - Free Antivirus Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"DVD-RAM_Service" (DVD-RAM_Service) - "Matsushita Electric Industrial Co., Ltd." - C:\WINXP\system32\DVDRAMSV.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9e43c1254083c)" (gupdate1c9e43c1254083c) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"KeenfinderSrch Service" (KeenfinderSrch Service) - ? - "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KeenfinderSrch\keenfinder137.exe" "C:\Programme\KeenfinderSrch\keenfinder.dll" Service  (File not found)
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Programme\LogMeIn Hamachi\hamachi-2.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINXP\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi12475c\PEV.cfxxe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\WINXP\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "ScreenTime Media" - C:\WINXP\system32\Analogy.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINXP\system32\VESWinlogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINXP\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


the MBRCheck log:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000005c

Kernel Drivers (total 138):
  0x804D7000 \WINXP\system32\ntkrnlpa.exe
  0x806E5000 \WINXP\system32\hal.dll
  0xBA5A8000 \WINXP\system32\KDCOM.DLL
  0xBA4B8000 \WINXP\system32\BOOTVID.dll
  0xB9EA7000 spno.sys
  0xBA5AA000 \WINXP\System32\Drivers\WMILIB.SYS
  0xB9E8F000 \WINXP\System32\Drivers\SCSIPORT.SYS
  0xB9E60000 ACPI.sys
  0xB9E4F000 pci.sys
  0xBA0A8000 ohci1394.sys
  0xBA0B8000 \WINXP\system32\DRIVERS\1394BUS.SYS
  0xBA0C8000 isapnp.sys
  0xBA4BC000 compbatt.sys
  0xBA4C0000 \WINXP\system32\DRIVERS\BATTC.SYS
  0xBA670000 pciide.sys
  0xBA328000 \WINXP\system32\DRIVERS\PCIIDEX.SYS
  0xB9E31000 pcmcia.sys
  0xBA0D8000 MountMgr.sys
  0xB9E12000 ftdisk.sys
  0xBA4C4000 ACPIEC.sys
  0xBA671000 \WINXP\system32\DRIVERS\OPRGHDLR.SYS
  0xBA330000 PartMgr.sys
  0xBA0E8000 VolSnap.sys
  0xB9DFA000 atapi.sys
  0xBA0F8000 disk.sys
  0xBA108000 \WINXP\system32\DRIVERS\CLASSPNP.SYS
  0xB9DDA000 fltMgr.sys
  0xB9DC8000 sr.sys
  0xBA118000 PxHelp20.sys
  0xB9DB1000 KSecDD.sys
  0xB9D9E000 WudfPf.sys
  0xB9D11000 Ntfs.sys
  0xB9CE4000 NDIS.sys
  0xB9CCA000 Mup.sys
  0xBA258000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xBA59C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xB9184000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB9170000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB9148000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB8FC7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xBA268000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xBA3E0000 \SystemRoot\system32\DRIVERS\SonyNC.sys
  0xBA278000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xBA3E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xBA3F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA288000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB9C9E000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
  0xBA298000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA2A8000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB8FA4000 \SystemRoot\system32\DRIVERS\ks.sys
  0xBA3F8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xB8F6D000 \SystemRoot\System32\Drivers\aa1cuha9.SYS
  0xBA6E6000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xBA2B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB9C8A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB8F56000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xBA2C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xBA2D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA460000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB8F45000 \SystemRoot\system32\DRIVERS\psched.sys
  0xBA2E8000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xBA468000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB8EED000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xBA2F8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xBA5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB8E8F000 \SystemRoot\system32\DRIVERS\update.sys
  0xB98C7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xBA318000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB6BD1000 \SystemRoot\system32\drivers\sthda.sys
  0xB6BAF000 \SystemRoot\system32\drivers\portcls.sys
  0xBA138000 \SystemRoot\system32\drivers\drmk.sys
  0xB6B7D000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
  0xB6A89000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
  0xB69D8000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xBA480000 \SystemRoot\System32\Drivers\Modem.SYS
  0xBA148000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA5D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xBA5D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA7B9000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA5D8000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA4A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xBA4A8000 \SystemRoot\System32\drivers\vga.sys
  0xBA5DA000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA5DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB699F000 \SystemRoot\System32\Drivers\meiudf.sys
  0xB698E000 \SystemRoot\System32\Drivers\Udfs.SYS
  0xBA4B0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA340000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xBA57C000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB697B000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB6922000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB68D2000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB68AC000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB688A000 \SystemRoot\System32\drivers\afd.sys
  0xB9593000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB9583000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xBA348000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xB685F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB9573000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xB67EF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB9563000 \SystemRoot\System32\Drivers\Fips.SYS
  0xBA7ED000 \SystemRoot\system32\DRIVERS\DMICall.sys
  0xB67DE000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xBA5E0000 \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
  0xBA370000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB8F41000 \SystemRoot\System32\Drivers\DB3G.sys
  0xB8F3D000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB9543000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB8F39000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB67C0000 \SystemRoot\System32\Drivers\usbvideo.sys
  0xB8F31000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xB6780000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xBA5F0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xBA578000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA390000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA707000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xBA418000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xB5873000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xB584B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB4D0A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB4C3E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xB4AD3000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB489F000 \??\C:\Programme\CyberLink\PowerDVD9\000.fcl
  0xB46FA000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB485F000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB481F000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB457B000 \SystemRoot\System32\Drivers\HTTP.sys
  0x8A100000 \??\C:\DOKUME~1\***\LOKALE~1\Temp\uwlyapob.sys
  0x8A1F2000 \SystemRoot\system32\DRIVERS\w39n51.sys
  0x7C910000 \WINXP\system32\ntdll.dll
  0x10000000 \Programme\DAEMON Tools Lite\daemon.dll

Processes (total 56):
      0 System Idle Process
      4 System
    692 C:\WINXP\system32\smss.exe
    740 csrss.exe
    772 C:\WINXP\system32\winlogon.exe
    816 C:\WINXP\system32\services.exe
    836 C:\WINXP\system32\lsass.exe
    1000 C:\WINXP\system32\svchost.exe
    1076 svchost.exe
    1116 C:\WINXP\system32\svchost.exe
    1156 C:\WINXP\system32\svchost.exe
    1208 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1244 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1304 svchost.exe
    1376 svchost.exe
    1388 C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1760 C:\WINXP\system32\spoolsv.exe
    1816 C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    1864 svchost.exe
    2008 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2020 C:\Programme\Bonjour\mDNSResponder.exe
    2044 C:\WINXP\system32\DVDRAMSV.exe
    504 C:\Programme\Java\jre6\bin\jqs.exe
    584 C:\WINXP\system32\nvsvc32.exe
    624 C:\Programme\Google\Update\GoogleUpdate.exe
    1052 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    1476 C:\WINXP\system32\svchost.exe
    1640 C:\Programme\Sony\VAIO Event Service\VESMgr.exe
    2880 alg.exe
    3696 C:\WINXP\system32\svchost.exe
    3832 C:\WINXP\system32\wbem\wmiapsrv.exe
    3776 C:\Programme\Sony\ISB Utility\ISBMgr.exe
    3812 C:\Programme\Sony\VAIO Power Management\SPMgr.exe
    3820 C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
    200 C:\WINXP\system32\rundll32.exe
    1316 C:\Programme\Razer\Diamondback 3G\razerhid.exe
    1192 C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe
    1616 C:\Programme\CyberLink\Shared Files\brs.exe
    1988 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    2108 C:\WINXP\Samsung\PanelMgr\SSMMgr.exe
    2128 C:\Programme\iTunes\iTunesHelper.exe
    2248 C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
    2376 C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
    2456 C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe
    2492 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2556 C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
    1880 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
    1496 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
    2908 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
    2968 C:\Programme\Razer\Diamondback 3G\razertra.exe
    3092 C:\WINXP\system32\RAMASST.exe
    3208 C:\Programme\Razer\Diamondback 3G\razerofa.exe
    3944 C:\Programme\iPod\bin\iPodService.exe
    2648 C:\WINXP\system32\ctfmon.exe
    3112 C:\WINXP\explorer.exe
    3584 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2120BH, Rev: 00000012

      Size  Device Name          MBR Status
  --------------------------------------------
    111 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!


cosinus 06.04.2011 09:36

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

g3k0 06.04.2011 15:38

Here are the two logs:


Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6285

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.04.2011 14:22:56
mbam-log-2011-04-06 (14-22-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 310506
Laufzeit: 1 Stunde(n), 3 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/06/2011 at 04:29 PM

Application Version : 4.50.1002

Core Rules Database Version : 6760
Trace Rules Database Version: 4572

Scan type      : Complete Scan
Total Scan Time : 01:57:19

Memory items scanned      : 634
Memory threats detected  : 0
Registry items scanned    : 8064
Registry threats detected : 0
File items scanned        : 146507
File threats detected    : 7

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\***\Cookies\***@atdmt.combing[2].txt
        C:\Dokumente und Einstellungen\***\Cookies\***@adtech[1].txt

Trojan.Agent/Gen-Cryptor[Egun]
        C:\PROGRAMME\FUNKTION V1.18\FUNKTION.EXE
        C:\DOKUMENTE UND EINSTELLUNGEN\***\EIGENE DATEIEN\SCHULE\MATHE\FUNKTION.EXE.LNK
        C:\DOKUMENTE UND EINSTELLUNGEN\***\STARTMENü\PROGRAMME\FUNKTION\FUNKTION.EXE.LNK
        C:\PROGRAMME\FUNKTION V1.18\FUNKTION-07.EXE

NotAThreat.EICAR[TestFile]
        C:\DOKUMENTE UND EINSTELLUNGEN\***\LOKALE EINSTELLUNGEN\TEMP\AV-TEST.TXT



All times are WET +1.

Copyright ©2000-2024, Trojaner-Board

