Log analysis and evaluation: System Check malware removed, but still problems (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.02.2012, 20:04 | #16

Hello Arne, first of all many thanks for your efforts and for working through all the logs. I think it's great how you make your knowledge and your time available to us. Here is the log:

Code:
ComboFix 12-02-08.01 - tmondelli 09.02.2012 19:29:55.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2039.1304 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\tmondelli.NB-001\Desktop\Tahoma.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\tmondelli.NB-001\Desktop\CFScript.txt
AV: G DATA AVK Client *Enabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-09 bis 2012-02-09 ))))))))))))))))))))))))))))))
.
.
2012-02-09 11:05 . 2012-01-05 19:19 6557240 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{8A2714AE-C847-4906-B4B7-A19421E474BA}\mpengine.dll
2012-02-07 15:48 . 2012-02-07 15:48 -------- d-----w- c:\programme\ESET
2012-02-07 14:04 . 2012-02-07 14:04 -------- d-----w- C:\ProcAlyzer Dumps
2012-02-06 12:55 . 2012-02-06 12:55 -------- d-----w- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Simply Super Software
2012-02-06 12:26 . 2012-02-06 12:26 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2012-02-06 12:24 . 2012-02-06 12:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-06 10:49 . 2012-02-06 10:49 388096 ----a-r- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 10:49 . 2012-02-06 10:49 -------- d-----w- c:\programme\Trend Micro
2012-02-04 17:25 . 2012-02-04 17:25 -------- d-----w- c:\programme\SmartTools
2012-02-03 13:41 . 2012-02-03 13:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-03 13:31 . 2012-01-05 19:19 6557240 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 13:14 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-03 13:03 . 2012-02-03 15:14 -------- d-----w- c:\programme\Spyware Terminator
2012-02-03 12:41 . 2012-02-03 12:41 -------- d-----w- c:\windows\Logs
2012-02-03 12:37 . 2012-02-03 12:37 -------- d-----w- c:\dokumente und einstellungen\tmondelli.NB-001\Lokale Einstellungen\Anwendungsdaten\PackageAware
2012-02-03 11:53 . 1998-06-23 23:00 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-02-03 11:19 . 2002-06-02 15:29 73216 ----a-w- c:\windows\system32\SYNSOACC.dll
2012-02-03 11:19 . 2002-02-13 12:23 598016 ----a-w- c:\windows\system32\SYNSOPOS.exe
2012-02-03 11:19 . 2001-04-09 19:03 17784 ----a-w- c:\windows\system32\drivers\NSynas32.sys
2012-02-03 11:05 . 2012-02-03 13:33 -------- d-----w- C:\ArCon
2012-02-03 10:20 . 2012-02-03 10:20 -------- d-----w- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2012-02-03 10:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-03 10:19 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 10:19 . 2012-02-03 10:19 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-02-03 07:09 . 2012-02-09 10:33 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-03 07:06 . 2009-01-25 12:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-02-03 07:06 . 2012-02-03 11:50 -------- d-----w- c:\programme\Spybot - Search & Destroy 2
2012-02-03 05:30 . 2012-02-03 05:30 -------- d-----w- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\IObit
2012-02-03 05:30 . 2012-02-03 05:30 -------- d-----w- c:\programme\IObit
2012-02-02 20:50 . 2012-02-02 20:50 8192 --sha-w- c:\windows\o2cLicStore.bin
2012-02-02 20:49 . 2012-02-02 20:49 1115704 ----a-w- c:\windows\system32\O2CPlayer.OCX
2012-02-02 20:48 . 2012-02-02 20:48 -------- d-----w- c:\programme\directx
2012-02-02 20:43 . 2012-02-02 20:43 -------- d-----w- c:\windows\mbgruppe
2012-02-02 20:43 . 1995-09-24 11:02 243472 ------w- c:\windows\system32\vbar2232.dll
2012-02-02 20:43 . 1996-01-12 00:00 722192 ------w- c:\windows\system32\VB40032.DLL
2012-02-02 20:43 . 1995-09-20 16:16 23824 ------w- c:\windows\system32\msjter32.dll
2012-02-02 20:43 . 1995-09-20 16:13 977680 ------w- c:\windows\system32\msjt3032.dll
2012-02-02 20:43 . 1995-09-20 16:16 35088 ------w- c:\windows\system32\msjint32.dll
2012-02-02 20:43 . 1996-12-02 18:44 582144 ------w- c:\windows\system32\dao350.dll
2012-02-02 20:42 . 2012-02-03 12:33 -------- d-----w- C:\3DBauGarten
2012-02-02 18:28 . 2012-02-02 18:28 -------- d-----w- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\InstallShield
2012-02-02 13:25 . 2012-02-02 13:25 -------- d-----w- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\ElevatedDiagnostics
2012-02-02 12:46 . 2012-01-26 23:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-02 12:43 . 2012-02-02 12:45 -------- d-----w- c:\programme\Microsoft Security Client
2012-02-01 23:02 . 2012-02-01 23:02 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-01 22:57 . 2012-02-01 22:59 -------- dc-h--w- c:\windows\ie8
2012-02-01 13:32 . 2012-02-01 13:32 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-02-01 13:32 . 2012-02-01 13:32 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-02-01 13:29 . 2012-02-09 18:45 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2012-02-01 13:29 . 2012-02-01 13:29 -------- d-----w- c:\programme\Kaspersky Lab
2012-02-01 13:23 . 2012-02-01 13:24 -------- d-----w- C:\kleaner.tmp
2012-02-01 09:31 . 2012-02-01 09:31 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2012-02-01 08:48 . 2012-02-01 08:48 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-01-28 10:40 . 2012-01-28 10:40 -------- d-----w- c:\programme\Lame For Audacity
2012-01-23 19:51 . 2012-01-23 19:51 -------- d-----w- c:\programme\iPod
2012-01-17 15:01 . 2012-01-28 17:04 -------- d-----w- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-06 12:21 . 2011-02-28 16:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-05 12:31 . 2011-06-06 13:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-29 18:57 . 2011-11-29 18:57 29184 ----a-r- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Microsoft\Installer\{106F886B-A874-43DF-BCC4-01DB57E1F3C6}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe
2011-11-25 21:57 . 2004-08-04 10:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-04 10:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-04 10:00 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 23:04 . 2011-04-30 19:32 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\NSynas32.sys ---
Company: Syncrosoft Hard- und Software GmbH
File Description: Internet Protection Hardware Driver
File Version: 1.108
Product Name: Internet Protection Hardware Driver
Copyright: © Syncrosoft Hard- und Software GmbH 1999
Original Filename: NSynas32.sys
File size: 17784
Created time: 2012-02-03 11:19
Modified time: 2001-04-09 19:03
MD5: 4B4A21E158C039EE0888741BFE1D24E0
SHA1: C58404C9C59D851C1239AFF58F45A70F952E8ABE
.
---- Directory of c:\windows\mbgruppe ----
.
2012-02-02 20:43 . 2002-05-02 16:36 126976 ----a-w- c:\windows\mbgruppe\mbUtil.dll
2012-02-02 20:43 . 2002-04-05 12:33 45056 ----a-w- c:\windows\mbgruppe\mbHLink.ocx
2012-02-02 20:43 . 2001-12-18 15:58 319488 ----a-w- c:\windows\mbgruppe\mbdbjet.dll
2012-02-02 20:43 . 2000-10-31 11:11 90112 ----a-w- c:\windows\mbgruppe\mbctrl.ocx
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59 269824 ----a-w- c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-11-01 1101824]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2009-06-08 1160192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogitechQuickCamRibbon"="c:\programme\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\programme\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"EPSON SX100 Series (Kopie 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45 63712 ----a-w- c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2011-01-25 08:48 380416 ----a-w- c:\programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Programme\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Programme\\Synology Data Replicator 3\\Backup.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Programme\\Synology Download Redirector\\Redirector.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.03.2009 18:42 715248]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\programme\Spybot - Search & Destroy 2\SDHookDrv32.sys [03.02.2012 08:06 38504]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [03.02.2012 11:19 652360]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\programme\Spybot - Search & Destroy 2\SDHookSvc.exe [03.02.2012 08:06 130976]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe [22.11.2011 09:59 18432]
R2 SynoDrService;SynoDrService;c:\programme\Synology Data Replicator 3\SynoDrService.exe [12.01.2010 03:45 245760]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.02.2012 11:19 20464]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]
S2 gupdate1c9cc19a2b7bc2e;Google Update Service (gupdate1c9cc19a2b7bc2e);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 crmsrv;INTERMEDIATE enomic Intern Server;"c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Intern Server\enomic-server\Wrapper.exe [?]
S3 enomicsrv;Intermediate ENOMIC Server;"c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf --> c:\programme\Intermediate Demo Server\enomic-server\Wrapper.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [03.05.2009 19:04 133104]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [03.02.2012 08:06 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [03.02.2012 08:06 955816]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32 8192 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-03 14:46]
.
2012-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 13:26]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-03 18:04]
.
2012-02-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2012-02-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-03 14:46]
.
2012-02-09 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2012-02-03 14:46]
.
2012-02-08 c:\windows\Tasks\Synology Data Replicator 3-NB-001-tmondelli.job
- c:\programme\Synology Data Replicator 3\Backup.exe [2010-09-15 09:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mondelli.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\tmondelli.NB-001\Anwendungsdaten\Mozilla\Firefox\Profiles\u67unzlk.default\
FF - prefs.js: browser.startup.homepage - www.mondelli.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-09 19:45
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1492)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\MPRUI.dll
c:\windows\system32\netmsg.dll
.
- - - - - - - > 'lsass.exe'(1548)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\programme\Spybot - Search & Destroy 2\SDHook32.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Hewlett-Packard\Shared\HpqToaster.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-09 19:50:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-09 18:50
ComboFix2.txt 2012-02-09 11:02
ComboFix3.txt 2012-02-08 16:53
.
Vor Suchlauf: 8.933.801.984 Bytes frei
Nach Suchlauf: 8.903.917.568 Bytes frei
.
- - End Of File - - B834760F299D2D6188B9202AC8B01AA1

Regards, Thomas
09.02.2012, 21:46 | #17
/// Winkelfunktion /// TB-Süch-Tiger™

Tell me, is this by any chance an office computer, or one that is otherwise used mainly for business purposes?
09.02.2012, 22:32 | #18

That used to be my home-office computer, but now I mostly use it only privately.
10.02.2012, 12:12 | #19
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

If so, that won't work; you should never use two virus scanners of this kind at the same time. Uninstall one of them immediately!

__________________
Logfiles: please always post them in CODE tags
10.02.2012, 14:37 | #20

All right, I'll deactivate one of them again. From my point of view both work equally well; since Kaspersky is only a trial version anyway, I'll carry on with MSE, or do you as the expert have a different recommendation? What still makes me unsure is the matter of the G Data client that is no longer present, which ComboFix noticed. Does something still need to be done about that, or can it be ignored?

Regards, Thomas
10.02.2012, 16:08 | #21
/// Winkelfunktion /// TB-Süch-Tiger™

No, don't deactivate it, uninstall it!
10.02.2012, 17:28 | #22

So, Kaspersky is uninstalled. Is there anything else I can do?

Regards, Thomas
10.02.2012, 19:02 | #23
/// Winkelfunktion /// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query that OSAM offers. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to switch off the virus scanner; McAfee's scanner in particular often reports a false positive in OSAM! Download aswMBR.exe and save the file to your desktop.

Important: under no circumstances press any of the Fix buttons without being told to. Note: if the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
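The ComboFix log in post #16 and the OSAM report the helper asks for here are read the same way: for every entry, who registered it, whether the binary is still on disk, and whether the registry key is visible through the normal API. The Python script below is an added example, not part of ComboFix, OSAM or this forum's tooling; it parses the `AV:`/`FW:` header lines ComboFix prints and lines in the format of OSAM's `[Drivers]` section and flags what a reviewer would look at first. The sample lines are copied from the logs posted in this thread; the severity labels and the heuristics (more than one enabled real-time AV, an enabled-but-outdated product, a service key hidden from the registry API, an orphaned or Temp-folder driver) are this example's own assumptions, not anything either tool reports.

```python
"""Triage of two log formats seen in this thread: the AV/FW header lines
that ComboFix prints and the entries of OSAM's [Drivers] section.

Added example (not ComboFix, OSAM or forum tooling).  Severity labels and
heuristics are this example's own assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input copied from the ComboFix log posted earlier in this thread.
COMBOFIX_HEADER = """
AV: G DATA AVK Client *Enabled/Outdated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
"""

# Sample input in the format of OSAM's [Drivers] section (lines copied from
# the OSAM report posted later in this thread).
OSAM_DRIVERS = r"""
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys (File not found)
"""

# ComboFix header: 'AV: <product> *<Enabled|Disabled>[/<Updated|Outdated>]* {<GUID>}'
AV_RE = re.compile(
    r"^(?P<kind>AV|FW): (?P<product>.+?) "
    r"\*(?P<state>Enabled|Disabled)(?:/(?P<fresh>Updated|Outdated))?\* "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$")
# OSAM driver line: '"<display>" (<service>) - <"vendor"|?> - <path> [(<flags>)]'
DRV_RE = re.compile(
    r'^"(?P<display>[^"]*)" \((?P<name>[^)]*)\) - '
    r'(?P<vendor>"[^"]*"|\?) - (?P<path>.+?)(?: \((?P<flags>[^)]*)\))?$')

Finding = Tuple[str, str, str]  # (severity, subject, reason)


@dataclass
class AvEntry:
    kind: str
    product: str
    state: str
    fresh: Optional[str]
    guid: str


@dataclass
class Driver:
    name: str
    vendor: Optional[str]   # None when OSAM printed "?" (no version resource)
    path: str
    flags: str              # text OSAM appends in parentheses, or ""


def parse_av_lines(text: str) -> List[AvEntry]:
    out = []
    for line in text.splitlines():
        m = AV_RE.match(line.strip())
        if m:
            out.append(AvEntry(m["kind"], m["product"], m["state"], m["fresh"], m["guid"]))
    return out


def parse_osam_drivers(text: str) -> List[Driver]:
    out = []
    for line in text.splitlines():
        m = DRV_RE.match(line.strip())
        if m:
            vendor = None if m["vendor"] == "?" else m["vendor"].strip('"')
            out.append(Driver(m["name"], vendor, m["path"], m["flags"] or ""))
    return out


def av_findings(entries: List[AvEntry]) -> List[Finding]:
    findings = []
    enabled = [e.product for e in entries if e.kind == "AV" and e.state == "Enabled"]
    if len(enabled) > 1:  # two real-time scanners fighting over the same files
        findings.append(("high", "AV", "more than one real-time AV enabled: " + ", ".join(enabled)))
    for e in entries:
        if e.state == "Enabled" and e.fresh == "Outdated":  # stale Security Center registration?
            findings.append(("medium", e.product,
                             "registered as enabled but outdated; check whether it is still installed"))
    return findings


def driver_findings(drivers: List[Driver]) -> List[Finding]:
    findings = []
    for d in drivers:
        if "Hidden registry entry" in d.flags:
            findings.append(("high", d.name,
                             "service key hidden from the registry API; correlate with anti-rootkit tools run recently"))
        elif "File not found" in d.flags and d.vendor is None:
            findings.append(("low", d.name, "orphaned service entry: binary missing and no vendor information"))
        if "\\temp\\" in d.path.lower():  # drivers normally live under system32\drivers
            findings.append(("medium", d.name, "driver registered from a Temp directory"))
    return findings


def triage(combofix_text: str, osam_text: str) -> List[Finding]:
    return av_findings(parse_av_lines(combofix_text)) + driver_findings(parse_osam_drivers(osam_text))


if __name__ == "__main__":
    for sev, subject, reason in triage(COMBOFIX_HEADER, OSAM_DRIVERS):
        print(f"[{sev:6}] {subject}: {reason}")
```

A "Hidden registry entry" flag is something to correlate, not a verdict: the `catchme` entry in the same list belongs to the rootkit detector that ComboFix itself runs (the ComboFix log above ends with a `catchme 0.3.1398 ... by Gmer` scan), and anti-rootkit tools such as GMER typically load their own, randomly named driver from the user's Temp folder while they run. The case that matters is a hidden key for a driver that no scanner used in the last few days would have created.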
10.02.2012, 22:01 | #24

Hello Arne, here is the OSAM log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 10.02.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Synology Data Replicator 3-NB-001-tmondelli.job" - ? - C:\Programme\Synology Data Replicator 3\Backup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MpKsla4b0dc35" (MpKsla4b0dc35) - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"Spybot-S&D 2 Hook Driver" (SDHookDriver) - ? - C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys (File found, but it contains no detailed information)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc."
- C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" - ? 
- (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll <binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." 
- C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} "StumbleUpon" - "StumbleUpon Inc." - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? 
- C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler "swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" "iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MSC" - "Microsoft Corporation" - "C:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "QuickTime Task" - "Apple Inc." 
- "C:\Programme\QuickTime\QTTask.exe" -atboottime "SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" "Spybot-S&D Cleaning" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - C:\WINDOWS\System32\BCMLogon.dll "IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll "PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9cc19a2b7bc2e)" (gupdate1c9cc19a2b7bc2e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Programme\Google\Update\GoogleUpdate.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "INTERMEDIATE enomic Intern Server" (crmsrv) - ? - "C:\Programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf (File not found) "Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf (File not found) "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" (File not found) "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Process Monitor" (LVPrcSrv) - "Logitech Inc." 
- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "Spybot S&D 2 Live Protection Service" (SDHookService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe "Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe "Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe "StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe (File found, but it contains no detailed information) "SynoDrService" (SynoDrService) - ? - C:\Programme\Synology Data Replicator 3\SynoDrService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software Run date: 2012-02-10 21:19:13 ----------------------------- 21:19:13.734 OS Version: Windows 5.1.2600 Service Pack 3 21:19:13.734 Number of processors: 2 586 0xF06 21:19:13.734 ComputerName: NB-001 UserName: 21:19:14.109 Initialize success 21:19:18.484 AVAST engine defs: 12021000 21:19:22.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 21:19:22.312 Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3 21:19:22.468 Disk 0 MBR read successfully 21:19:22.468 Disk 0 MBR scan 21:19:22.500 Disk 0 Windows XP default MBR code 21:19:22.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50011 MB offset 63 21:19:22.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 64459 MB offset 102422880 21:19:22.640 Disk 0 scanning sectors +234435600 21:19:22.859 Disk 0 scanning C:\WINDOWS\system32\drivers 21:19:57.281 Service scanning 21:19:57.609 Service MpKsla4b0dc35 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys **LOCKED** 32 21:19:57.656 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32 21:19:58.187 Modules scanning 21:21:06.265 Disk 0 trace - called modules: 21:21:06.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwf.sys >>UNKNOWN [0x8a636944]<< 21:21:06.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5889c0] 21:21:06.328 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a58aa28] 21:21:06.328 5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a589030] 21:21:06.703 AVAST engine scan C:\WINDOWS 21:21:38.187 AVAST engine scan C:\WINDOWS\system32 21:33:45.000 AVAST engine scan C:\WINDOWS\system32\drivers 21:34:46.140 AVAST engine scan C:\Dokumente und Einstellungen\tmondelli.NB-001 21:42:33.421 AVAST engine scan C:\Dokumente und Einstellungen\All Users 21:44:12.218 Scan finished successfully 21:51:55.406 
Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\MBR.dat" 21:51:55.421 The log file has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\aswMBR.txt" |
10.02.2012, 22:18 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GMER is missing. Why don't you put everything here in the post as CODE? Was one log too big?
__________________ Please always post logfiles in CODE tags |
10.02.2012, 22:42 | #26 |
| GMER is still running; as soon as it has finished, I'll post everything together for you again. |
10.02.2012, 22:57 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That's fine, take your time!
|
11.02.2012, 07:59 | #28 |
| Good morning Arne, I now have all the logs together: GMER: Code:
kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A .text C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001 .text C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A .text C:\Programme\Microsoft Security Client\msseces.exe[3660] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001 .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A70F5A .text C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[3664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3816] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001 .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A70F5A .text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[3856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A .text 
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001 .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A .text C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe[3976] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC046] spec.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC142] spec.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0C4] spec.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7CE] spec.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6A4] spec.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB7D7A] spec.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011C2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011C2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011C2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Logitech\Logitech WebCam Software\LWS.exe[2416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011C2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6831F8
Device \Driver\usbuhci \Device\USBPDO-0 89B5B1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6161F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6161F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6161F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6161F8
Device \Driver\usbuhci \Device\USBPDO-1 89B5B1F8
Device \Driver\usbuhci \Device\USBPDO-2 89B5B1F8
Device \Driver\usbuhci \Device\USBPDO-3 89B5B1F8
Device \Driver\usbehci \Device\USBPDO-4 89B2E1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D96C6CDB-062D-46B2-B66F-FA4B9ECC5E51} 897BC500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6861F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6861F8
Device \Driver\Cdrom \Device\CdRom0 89B071F8
Device \Driver\iastor \Device\Ide\iaStor0 [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DE0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B9D585D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 897BC500
Device \Driver\NetBT \Device\NetbiosSmb 897BC500
Device \Driver\usbuhci \Device\USBFDO-0 89B5B1F8
Device \Driver\usbuhci \Device\USBFDO-1 89B5B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8983B500
Device \Driver\usbuhci \Device\USBFDO-2 89B5B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8983B500
Device \Driver\usbuhci \Device\USBFDO-3 89B5B1F8
Device \Driver\usbehci \Device\USBFDO-4 89B2E1F8
Device \Driver\Ftdisk \Device\FtControl 8A6861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CEAE2D63-0D6E-426B-A352-BE5CF7D88C2A} 897BC500
Device \FileSystem\Cdfs \Cdfs 89A58500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[1].txt 40 bytes
File C:\Dokumente und Einstellungen\tmondelli.NB-001\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4TFY2B41\integrity-local[2].txt 40 bytes

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 10.02.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Synology Data Replicator 3-NB-001-tmondelli.job" - ? - C:\Programme\Synology Data Replicator 3\Backup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BlackBerry-Smartphone" (RimUsb) - ? - C:\WINDOWS\System32\Drivers\RimUsb.sys (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\catchme.sys (File not found)
"cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fftdqpog" (fftdqpog) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\fftdqpog.sys (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\TMONDE~1.NB-\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MpKsla4b0dc35" (MpKsla4b0dc35) - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1c\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"Spybot-S&D 2 Hook Driver" (SDHookDriver) - ? - C:\Programme\Spybot - Search & Destroy 2\SDHookDrv32.sys (File found, but it contains no detailed information)
"tclondrv" (tclondrv) - ? - C:\WINDOWS\System32\DRIVERS\tclondrv.sys (File not found)
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WinDriver6" (WinDriver6) - "Jungo" - C:\WINDOWS\System32\drivers\windrvr6.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI239C~1\shellext.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx / hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} "StumbleUpon" - "StumbleUpon Inc." - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUpon.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"iSaverCtrl" - "infoMantis GmbH" - C:\Programme\iSaver\iSaverCtrl.exe --startup
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MSC" - "Microsoft Corporation" - "C:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Spybot-S&D Cleaning" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Broadcom 802.11 Wireless LAN Adapter Logon Provider" - "Broadcom Corporation" - C:\WINDOWS\System32\BCMLogon.dll
"IntelNetProvCredMan" - "Intel Corporation" - c:\windows\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9cc19a2b7bc2e)" (gupdate1c9cc19a2b7bc2e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc."
- C:\Programme\Google\Update\GoogleUpdate.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "INTERMEDIATE enomic Intern Server" (crmsrv) - ? - "C:\Programme\Intermediate Intern Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf (File not found) "Intermediate ENOMIC Server" (enomicsrv) - ? - "C:\Programme\Intermediate Demo Server\enomic-server\Wrapper.exe" -s conf/Wrapper.conf (File not found) "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LiveShare P2P Server 9" (RoxLiveShare9) - ? - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" (File not found) "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Process Monitor" (LVPrcSrv) - "Logitech Inc." 
- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe "Spybot S&D 2 Live Protection Service" (SDHookService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe "Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe "Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe "StumbleUpon Updater" (StumbleUponUpdater) - ? - C:\Dokumente und Einstellungen\tmondelli.NB-001\Anwendungsdaten\StumbleUpon\IE\StumbleUponUpdater.exe (File found, but it contains no detailed information) "SynoDrService" (SynoDrService) - ? - C:\Programme\Synology Data Replicator 3\SynoDrService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software Run date: 2012-02-10 21:19:13 ----------------------------- 21:19:13.734 OS Version: Windows 5.1.2600 Service Pack 3 21:19:13.734 Number of processors: 2 586 0xF06 21:19:13.734 ComputerName: NB-001 UserName: 21:19:14.109 Initialize success 21:19:18.484 AVAST engine defs: 12021000 21:19:22.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 21:19:22.312 Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3 21:19:22.468 Disk 0 MBR read successfully 21:19:22.468 Disk 0 MBR scan 21:19:22.500 Disk 0 Windows XP default MBR code 21:19:22.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 50011 MB offset 63 21:19:22.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 64459 MB offset 102422880 21:19:22.640 Disk 0 scanning sectors +234435600 21:19:22.859 Disk 0 scanning C:\WINDOWS\system32\drivers 21:19:57.281 Service scanning 21:19:57.609 Service MpKsla4b0dc35 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{126C6DA4-AF2A-4415-89FA-30A859E32C96}\MpKsla4b0dc35.sys **LOCKED** 32 21:19:57.656 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32 21:19:58.187 Modules scanning 21:21:06.265 Disk 0 trace - called modules: 21:21:06.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwf.sys >>UNKNOWN [0x8a636944]<< 21:21:06.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5889c0] 21:21:06.328 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000091[0x8a58aa28] 21:21:06.328 5 ACPI.sys[b9e69620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a589030] 21:21:06.703 AVAST engine scan C:\WINDOWS 21:21:38.187 AVAST engine scan C:\WINDOWS\system32 21:33:45.000 AVAST engine scan C:\WINDOWS\system32\drivers 21:34:46.140 AVAST engine scan C:\Dokumente und Einstellungen\tmondelli.NB-001 21:42:33.421 AVAST engine scan C:\Dokumente und Einstellungen\All Users 21:44:12.218 Scan finished successfully 21:51:55.406 
Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\MBR.dat" 21:51:55.421 The log file has been saved successfully to "C:\Dokumente und Einstellungen\tmondelli.NB-001\Desktop\aswMBR.txt"
Regards, Thomas |
12.02.2012, 13:13 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Check malware removed, but still problems Looks OK. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
13.02.2012, 22:52 | #30 |
| System Check malware removed, but still problems Hello Arne, here are the logs of the two full scans. Malwarebytes ran through without any findings: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.13.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 tmondelli :: NB-001 [Administrator] Schutz: Deaktiviert 13.02.2012 10:49:19 mbam-log-2012-02-13 (10-49-19).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 524890 Laufzeit: 4 Stunde(n), 17 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |