How can I remove "Trojan.Heur.Vundo.by4@dCgCSGe"? (Windows 7)

31.12.2009, 16:19 | #1
How can I remove "Trojan.Heur.Vundo.by4@dCgCSGe"?

Hello! I think I have picked up a trojan and would like to ask for your help getting rid of it again. Many thanks in advance to all the helpers.

For a few days the computer has had problems booting. It keeps getting stuck during the boot process, though not always at the same point. Since the problem kept recurring, I wanted to look for the cause and found:

- Norton AntiVir 2009 kompakt will not start
- Spybot Search and Destroy will not start
- Avira AntiVir (fresh installation) will not start

The BitDefender online QuickScan finally produced the following result:

BitDefender QuickScan Beta 32-bit v0.9.8.8
------------------------------------------
Scan date: Thu Dec 31 15:33:27 2009
Machine ID: 793AFBBB

Process svchost.exe (1532) is affected by Gen:Trojan.Heur.Vundo.by4@dCgCSGe

Found 1 infected file!
------------------------
C:\WINDOWS\system32\H8SRTpxymycsdjb.dll - Gen:Trojan.Heur.Vundo.by4@dCgCSGe
Missing files
-------------
File not found: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\richtx64.exe referenced in: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"richtx64.exe"

Scan
----
No file uploaded.
Scan finished - communication took 2 sec
Total traffic - 0.09 MB sent, 4.09 KB recvd
Scanned 1728 files and modules - 75 seconds

After that I wanted to download and install BitDefender, but the installation could not be completed successfully. Finally I found this board and tried to follow the instructions:

- I ran CCleaner
- Malwarebytes Anti-Malware will not install
- I ran RSIT
Here is the report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-12-31 15:58:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 200 GB (84%) free of 237 GB
Total RAM: 1789 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:18, on 31.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
ProtectTools Security Manager\PTHOSTTR.EXE [2008-06-02 238984] "CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1040384] "hpWirelessAssistant"=C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752] "QlbCtrl.exe"=C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456] "Cpqset"=C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe [2008-05-14 61440] "SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2008-04-04 1044480] "SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2008-03-24 884736] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "SearchSettings"=C:\Programme\pdfforge Toolbar\SearchSettings.exe [2009-01-30 992256] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888] "ArcSoft Connection Service"=C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264] "QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-10 417792] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-11-12 141600] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe Device Detector 3.lnk - C:\Programme\Olympus\DeviceDetector\DevDtct2.exe Philips GoGear VIBE Device Manager.lnk - C:\Programme\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart 
OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="APSHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc] c:\WINDOWS\system32\ackpbsc.dll [2007-05-15 112640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock] c:\Programme\ActivIdentity\ActivClient\acunlock.dll [2007-05-15 281088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-05-15 131072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard] c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-21 111888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing" "C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC" "C:\Programme\TmNationsForever\TmForever.exe"="C:\Programme\TmNationsForever\TmForever.exe:*isabled:TmForever" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e537cbbe-042b-11de-95f2-806d6172696f}] shell\AutoRun\command - E:\CDStart.exe 
shell\Install\command - E:\Setup.exe ======List of files/folders created in the last 1 months====== 2009-12-31 15:58:14 ----D---- C:\rsit 2009-12-31 15:58:14 ----D---- C:\Programme\trend micro 2009-12-31 15:50:08 ----D---- C:\Programme\CCleaner 2009-12-31 15:33:15 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\QuickScan 2009-12-31 15:25:32 ----D---- C:\WINDOWS\LastGood 2009-12-31 15:25:24 ----D---- C:\Programme\Avira 2009-12-31 15:15:31 ----SHD---- C:\Config.Msi 2009-12-31 15:09:09 ----D---- C:\Programme\Norton Support 2009-12-31 15:01:21 ----D---- C:\Programme\Symantec 2009-12-31 15:01:21 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared 2009-12-31 15:01:21 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL 2009-12-31 15:00:38 ----D---- C:\Programme\Windows Sidebar 2009-12-31 15:00:38 ----D---- C:\Programme\Norton AntiVirus 2009-12-31 14:59:02 ----D---- C:\Programme\NortonInstaller 2009-12-30 11:59:28 ----A---- C:\WINDOWS\system32\GEARAspi.dll 2009-12-30 11:58:56 ----D---- C:\Programme\iPod 2009-12-30 11:58:53 ----D---- C:\Programme\iTunes 2009-12-30 11:39:52 ----D---- C:\WINDOWS\system32\appmgmt 2009-12-29 19:53:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-12-29 19:51:09 ----D---- C:\Programme\QuickTime 2009-12-23 01:56:45 ----A---- C:\WINDOWS\system32\krl32mainweq.dll 2009-12-23 01:55:26 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini 2009-12-10 08:19:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-10 08:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-10 08:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-10 08:16:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-10 08:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-12-08 20:13:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks 2009-12-08 20:13:15 ----D---- C:\Programme\TVUPlayer 2009-12-05 14:10:01 ----D---- 
C:\Programme\7-Zip 2009-12-01 19:23:18 ----D---- C:\Programme\Maxis ======List of files/folders modified in the last 1 months====== 2009-12-31 15:58:14 ----D---- C:\Programme 2009-12-31 15:53:31 ----D---- C:\Programme\Mozilla Firefox 2009-12-31 15:52:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-12-31 15:52:33 ----D---- C:\WINDOWS\Debug 2009-12-31 15:52:33 ----D---- C:\WINDOWS 2009-12-31 15:52:32 ----D---- C:\WINDOWS\Temp 2009-12-31 15:40:44 ----D---- C:\Programme\Gemeinsame Dateien 2009-12-31 15:40:09 ----SHD---- C:\WINDOWS\Installer 2009-12-31 15:40:08 ----D---- C:\WINDOWS\WinSxS 2009-12-31 15:25:40 ----D---- C:\WINDOWS\system32\drivers 2009-12-31 15:25:34 ----HD---- C:\WINDOWS\inf 2009-12-31 15:25:33 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-31 15:23:27 ----D---- C:\WINDOWS\system32 2009-12-31 15:23:21 ----A---- C:\WINDOWS\system32\lckfldservicelog.txt 2009-12-31 15:05:13 ----SHD---- C:\System Volume Information 2009-12-31 15:04:32 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-12-31 15:02:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller 2009-12-31 15:01:43 ----D---- C:\WINDOWS\Prefetch 2009-12-31 14:56:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton 2009-12-30 11:59:28 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-12-30 11:58:55 ----D---- C:\Programme\Gemeinsame Dateien\Apple 2009-12-30 11:35:02 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Apple Computer 2009-12-29 20:35:11 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype 2009-12-29 17:42:28 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM 2009-12-19 10:47:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-10 19:08:40 ----D---- C:\Programme\Internet Explorer 2009-12-10 08:19:19 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-12-10 08:17:48 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-05 17:58:09 ----D---- 
C:\Programme\Free M4a to MP3 Converter 2009-12-05 17:54:21 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss 2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdPPM;AMD HwPState Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [] R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys [] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [] R1 IDSxpx86;IDSxpx86; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2008-05-30 12496] R1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSP.SYS [] R1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSPX.SYS [] R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMTDI.SYS [] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-05-23 28592] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560] 
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-16 2881536] R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-03-21 1287552] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-05-14 37424] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-05-14 879624] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys [] R3 NAVENG;NAVENG; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [] R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys [] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160] R3 SYMDNS;SYMDNS; 
\??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMDNS.SYS [] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMFW.SYS [] R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMIDS.SYS [] R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-12-31 35888] R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMNDIS.SYS [] R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS [] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-04-03 296320] S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys [] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-05-14 74688] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; 
C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SMCIRDA;SMC IrCC-Miniportgerätetreiber; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-18 35913] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-12-31 35888] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 accoca;ActivClient Middleware Service; c:\Programme\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576] R2 ACDaemon;ArcSoft Connect Daemon; C:\Programme\Gemeinsame Dateien\ArcSoft\Connection 
Service\Bin\ACService.exe [2009-09-28 109056] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 ASChannel;Lokaler Verbindungskanal; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-15 540672] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-12 264800] R2 HP ProtectTools Service;HP ProtectTools Service; c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-02 18944] R2 HpFkCryptService;Drive Encryption Service; c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-30 256512] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 LckFldService;LckFldService; C:\WINDOWS\system32\LckFldService.exe [2005-06-22 36864] R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608] R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248] R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 Com4QLBEx;Com4QLBEx; C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 hpqwmiex;hpqwmiex; C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-11-12 545568] S2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir 
Desktop\sched.exe [2009-05-13 108289] S2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] S2 Norton AntiVirus;Norton AntiVirus Kompakt; C:\Programme\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [2009-12-31 115560] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

So. I hope my information is understandable and complete for you. I would be grateful for help with diagnosing and fighting the problem! And to everyone who is still reading this today, I also wish a happy New Year.
31.12.2009, 18:41 | #2 |
How can I remove "Trojan.Heur.Vundo.by4@dCgCSGe"? Addendum: I used Avenger. This is the report:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "H8SRTd.sys" found!
ImagePath: \systemroot\system32\drivers\H8SRTwntyxtlimp.sys
Driver disabled successfully.
Rootkit scan completed.
Error: file "C:\WINDOWS\SYSTEM32\drivers\H8SRTckkylhlkjp.sys" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\drivers\H8SRTckkylhlkjp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\H8SRTsmsdudkvjc.dll" not found!
Deletion of file "C:\WINDOWS\system32\H8SRTsmsdudkvjc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\H8SRTsunblqpjej.dll" not found!
Deletion of file "C:\WINDOWS\system32\H8SRTsunblqpjej.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\H8SRTfakypafrql.dat" not found!
Deletion of file "C:\WINDOWS\system32\H8SRTfakypafrql.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\Temp\H8SRT6c66.tmp" not found!
Deletion of file "C:\WINDOWS\Temp\H8SRT6c66.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Completed script processing.
*******************
Finished! Terminate.

Now the virus scanners work again, including Malwarebytes.
Here is the report:

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
31.12.2009 18:28:29
mbam-log-2009-12-31 (18-28-29).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 236031
Laufzeit: 1 hour(s), 42 minute(s), 41 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\System Volume Information\_restore{B32AEE6A-215A-4A68-95FC-9CABBF245D43}\RP111\A0027107.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTlmedoqkvse.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\H8SRTwntyxtlimp.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTompfumowqj.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\H8SRTf5ad.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

And now? Was that it, or should I run further checks? Thanks for the help!