Hallo, habe mir dummerweise Spyhunter installiert, nachdem mein AVG wegen Trojanern am schimpfen war, die es aber nicht löschen konnte. Hier mal mein HJ Log, ich befürchte beinhae dass das eventuell noch mehr im Argen liegen könnte. Ich freue mich über Unterstützung, weiß leider nicht wirklich wie ich da nun vorgehen sollte.
Gruß






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52:02, on 25.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\AVG\AVG9\avgchsvx.exe
C:\Programme\AVG\AVG9\avgrsx.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\AVG\AVG9\avgwdsvc.exe
C:\Programme\avmwlanstick\WlanNetService.exe
F:\Uni\Cisco VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\RealVNC\VNC4\WinVNC4.exe
C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
F:\Uni\3S Software\CoDeSys ENI Server\ENI.exe
C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\AVG\AVG9\avgnsx.exe
F:\Programme\Creative Prodikeys\Prodload.exe
C:\Programme\FreePDF_XP\fpassist.exe
F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
F:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\AVG\AVG9\avgui.exe
C:\Programme\AVG\AVG9\avgscanx.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\Programme\Hijack\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ProdikeysAutorun] "F:\Programme\Creative Prodikeys\Prodload.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [ENISysTray] F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Dokumente und Einstellungen\Herr Wum\Anwendungsdaten\Adobe\Update\flacor.dat""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Uni\Cisco VPN Client\cvpnd.exe
O23 - Service: ENI Server - 3S-Smart Software Solutions GmbH - F:\3S Software\CoDeSys ENI Server\ENI.exe
O23 - Service: Google Update Service (gupdate1c98b054d7b9794) (gupdate1c98b054d7b9794) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RT Service 3S KM (RTService) - 3S-Smart Software Solutions GmbH - F:\Uni\3S Software\CoDeSys SP RTE\RTService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programme\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

Hi,

Searchsetting und ein paar Files...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe

• Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

• Unter Extra Registry, wähle bitte Use SafeList

• Klicke nun auf Run Scan links oben

• Wenn der Scan beendet wurde werden 2 Logfiles erstellt

• Poste die Logfiles hier in den Thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (http://www.gmer.net/#files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Virustotal. MD5: 4cd0955e028a0f1d275da5477056b0dd Riskware.RemoteAdmin.Win32.AnyplaceControl.a!IK PUA.Packed.MinGWGCCDLL.2xx not-a-virus:RemoteAdmin.Win32.AnyplaceControl.a

Das sagt VT zu Spyhunter. Also nicht gerade das tollste Programm.

MFG

Nachtrag: http://filepony.de/?q=WOTde/scorecar...are.com#page-1
Das sagt WOT (web of trust) dazu. Die userbewertung ist wohl eindeutig

So, alles nach Vorgabe erledigt, hier die beiden Logs:

MAM:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3910
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25.03.2010 14:03:33
mbam-log-2010-03-25 (14-03-33).txt

Scan-Methode: Vollständiger Scan (C:\|F:\|)
Durchsuchte Objekte: 302655
Laufzeit: 2 hour(s), 18 minute(s), 44 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\Steinberg\WaveLab\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully.




OTL:
OTL logfile created on: 25.03.2010 10:54:47 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Dokumente und Einstellungen\Herr Wum\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,90 Gb Total Space | 3,85 Gb Free Space | 6,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 144,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 208,77 Gb Free Space | 29,88% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name:
Current User Name: Herr Wum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Herr Wum\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe (3S-Smart Software Solutions GmbH)
PRC - F:\Uni\3S Software\CoDeSys ENI Server\ENI.exe (3S-Smart Software Solutions GmbH)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - F:\Uni\Cisco VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - F:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - F:\Programme\Creative Prodikeys\ProdLoad.exe (Creative Technology Ltd)
PRC - C:\Program Files\ASUS\Asus Probe\AsusProb.exe ()


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Herr Wum\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll ()
MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (RTService) -- F:\Uni\3S Software\CoDeSys SP RTE\RTService.exe (3S-Smart Software Solutions GmbH)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (ENI Server) -- F:\Uni\3S Software\CoDeSys ENI Server\ENI.exe (3S-Smart Software Solutions GmbH)
SRV - (CVPND) -- F:\Uni\Cisco VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (3SRTE) -- C:\WINDOWS\system32\drivers\3SRTE.sys (3S - Smart Software Solutions GmbH)
DRV - (RTIOdrvKuhnkePBM) -- C:\WINDOWS\system32\drivers\RTIOdrvKuhnkePBM.sys (3s)
DRV - (RTIOdrvSJA) -- C:\WINDOWS\system32\drivers\RTIOdrvSJA.sys (3s)
DRV - (ibpcimpm) -- C:\WINDOWS\system32\drivers\ibpcimpm.sys (3s)
DRV - (RTIOdrvHMS) -- C:\WINDOWS\system32\drivers\RTIOdrvHMS.sys (3s)
DRV - (RTIOdrvHilscherDPM) -- C:\WINDOWS\system32\drivers\RTIOdrvHilscherDPM.sys (3s)
DRV - (RTIOdrvFC310x) -- C:\WINDOWS\system32\drivers\RTIOdrvFC310x.sys (3s)
DRV - (RTIOdrvDAMP) -- C:\WINDOWS\system32\drivers\RTIOdrvDAMP.sys (3s)
DRV - (RTIOdrvCP5613) -- C:\WINDOWS\system32\drivers\RTIOdrvCP5613.sys (3s)
DRV - (RTIOdrvAutomata) -- C:\WINDOWS\system32\drivers\RTIOdrvAutomata.sys (3s)
DRV - (RTIOdrvApplicom) -- C:\WINDOWS\system32\drivers\RTIOdrvApplicom.sys (3s)
DRV - (RTIOdrvAPIC) -- C:\WINDOWS\system32\drivers\RTIOdrvAPIC.sys (3S)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Prodikeys) -- C:\WINDOWS\system32\drivers\ProdDrvr.sys (Creative Technology Ltd)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (Asapi) -- C:\WINDOWS\system32\drivers\asapi.sys (VOB Computersysteme GmbH)
DRV - (vcdrom) -- C:\VCdRom.sys (Microsoft Corporation)
DRV - (aslm75) -- C:\WINDOWS\system32\drivers\ASLM75.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ftd.de/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.03.27 00:03:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.03.17 19:38:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.09 20:24:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.04 21:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.06 17:38:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2008.09.01 09:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Wum\Anwendungsdaten\Mozilla\Extensions
[2010.02.08 15:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Herr Wum\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.04.02 12:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Herr Wum\Anwendungsdaten\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010.03.25 02:43:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Wum\Anwendungsdaten\Mozilla\Firefox\Profiles\hjriacaa.default\extensions
[2009.07.02 17:38:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Herr Wum\Anwendungsdaten\Mozilla\Firefox\Profiles\hjriacaa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.25 02:43:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.19 00:03:18 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Programme\Mozilla Firefox\components\np32asw.dll
[2003.10.11 01:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Programme\Mozilla Firefox\plugins\np32asw.dll
[2009.11.03 03:14:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 03:14:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 03:14:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 03:14:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 03:14:39 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.03.25 02:39:42 | 000,000,687 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] F:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [CloneCDTray] C:\Programme\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [ENISysTray] F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe (3S-Smart Software Solutions GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Launch LCDMon] C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe File not found
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ProdikeysAutorun] F:\Programme\Creative Prodikeys\Prodload.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\Herr Wum\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Herr Wum\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Herr Wum\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.26 18:12:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.07.07 17:31:47 | 000,000,100 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{0f8f4e2e-5559-4f1c-87ae-a7c09c56c859}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- [2004.08.03 23:58:20 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{faa49bb2-61bc-11de-9ac6-001a4f487506}\Shell - "" = AutoRun
O33 - MountPoints2\{faa49bb2-61bc-11de-9ac6-001a4f487506}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{faa49bb2-61bc-11de-9ac6-001a4f487506}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.25 10:53:26 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herr Wum\Desktop\OTL.exe
[2010.03.25 02:43:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Herr Wum\Anwendungsdaten\pdfforge
[2010.03.25 00:51:19 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2010.03.25 00:50:39 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.03.25 00:49:39 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2010.03.19 00:03:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.03.17 12:08:25 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.16 16:30:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.03.16 16:29:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2010.03.16 16:22:18 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.03.16 16:22:18 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2010.03.16 16:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.03.16 16:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.03.13 22:17:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
[2010.03.10 12:40:21 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.06 00:14:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.04 21:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\Installationsprogramm für Adobe Reader 9
[2010.03.04 21:49:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2010.03.04 21:49:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan
[2010.03.04 21:48:53 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2010.03.04 21:47:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
[2009.02.12 18:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2009.02.12 08:59:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Herr Wum\*.tmp files -> C:\Dokumente und Einstellungen\Herr Wum\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.25 10:52:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herr Wum\Desktop\OTL.exe
[2010.03.25 10:51:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.25 03:02:23 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.03.25 02:46:29 | 009,699,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Wum\ntuser.dat
[2010.03.25 02:41:37 | 057,644,995 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.03.25 02:38:40 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010.03.25 02:38:38 | 000,002,193 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.03.25 02:37:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.25 02:37:29 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010.03.25 02:37:25 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.25 02:37:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.25 02:37:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.25 02:36:54 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.25 02:08:15 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Herr Wum\ntuser.ini
[2010.03.24 14:18:17 | 000,003,021 | ---- | M] () -- C:\WINDOWS\AWSHKWV.INI
[2010.03.21 18:04:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.20 12:51:32 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.03.17 16:08:34 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Wum\Eigene Dateien\FT II.doc
[2010.03.17 12:08:57 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.03.17 12:08:25 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.03.17 12:08:25 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.17 12:06:53 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.03.16 16:29:36 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.03.16 16:29:30 | 000,001,498 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG Free 9.0.lnk
[2010.03.16 16:29:29 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.03.15 00:43:54 | 000,172,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Wum\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.15 00:35:44 | 000,003,830 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Wum\.recently-used.xbel
[2010.03.14 18:01:11 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.14 18:01:11 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.03.14 14:23:51 | 000,000,231 | ---- | M] () -- C:\WINDOWS\Muma60.INI
[2010.03.13 22:16:25 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010.03.13 22:16:25 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2010.03.13 19:52:03 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.03.08 02:14:14 | 002,114,792 | -H-- | M] () -- C:\Dokumente und Einstellungen\Herr Wum\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.03.04 21:59:59 | 000,000,100 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010.03.04 21:59:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2010.03.04 21:59:22 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010.03.04 21:59:19 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
[2010.03.04 21:52:10 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.02.26 15:46:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Herr Wum\*.tmp files -> C:\Dokumente und Einstellungen\Herr Wum\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.17 16:08:34 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Herr Wum\Eigene Dateien\FT II.doc
[2010.03.16 16:29:30 | 000,001,498 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG Free 9.0.lnk
[2010.03.15 00:35:44 | 000,003,830 | ---- | C] () -- C:\Dokumente und Einstellungen\Herr Wum\.recently-used.xbel
[2010.03.14 18:01:11 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.03.14 18:01:11 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.03.04 21:59:53 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010.03.04 21:59:22 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010.03.04 21:59:19 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010.03.04 21:52:10 | 000,001,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.03.04 21:48:56 | 000,001,583 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010.03.04 21:48:56 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2010.03.04 16:23:49 | 000,000,100 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2009.11.23 19:03:06 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.11.09 23:36:44 | 000,003,021 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009.10.30 23:29:20 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.10.30 23:28:02 | 000,000,255 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.05.16 12:43:10 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.05.16 12:03:43 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009.05.16 12:01:26 | 000,000,536 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installer.log
[2009.04.23 17:35:31 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2009.04.23 17:35:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2009.04.23 17:35:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2009.04.05 16:28:26 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.10.20 18:47:20 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\callrproxy.dll
[2008.10.19 18:29:49 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.10.19 18:21:33 | 000,110,642 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2008.10.19 18:21:33 | 000,043,252 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll
[2008.06.30 18:33:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008.06.05 16:38:39 | 000,000,122 | ---- | C] () -- C:\WINDOWS\MusicStudio.INI
[2008.06.05 16:37:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008.06.05 16:36:51 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.06.05 16:35:43 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.06.04 01:27:42 | 000,000,222 | ---- | C] () -- C:\WINDOWS\SamPro.INI
[2008.04.07 22:02:27 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.04.07 00:33:02 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.04.06 16:55:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.04.03 22:56:09 | 000,004,885 | ---- | C] () -- C:\Programme\Readme.txt
[2008.04.03 22:56:09 | 000,002,953 | ---- | C] () -- C:\Programme\Lizenz.txt
[2008.04.03 22:56:09 | 000,002,243 | ---- | C] () -- C:\Programme\Install.txt
[2008.03.08 20:33:29 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.03.08 20:24:11 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.03.05 00:57:11 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2008.03.03 03:16:54 | 000,000,082 | ---- | C] () -- C:\WINDOWS\BEATBOX.INI
[2008.02.26 21:50:11 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.02.26 21:50:10 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.02.26 21:49:04 | 000,000,701 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008.02.26 21:47:41 | 000,000,394 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2008.02.26 18:06:03 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.02.20 09:23:38 | 000,000,231 | ---- | C] () -- C:\WINDOWS\Muma60.INI
[2008.02.20 09:21:52 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MAGIX.INI
[2008.02.11 22:51:47 | 000,003,472 | ---- | C] () -- C:\WINDOWS\messer.ini
[2008.01.28 20:08:39 | 000,172,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Herr Wum\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.26 19:26:00 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.01.26 19:18:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsProbe.sys
[2008.01.26 19:17:46 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2008.01.26 18:39:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007.12.27 22:05:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.10.11 17:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.04.03 15:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.04.03 15:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.03.10 12:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.02.06 01:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006.02.25 19:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.12.09 14:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2000.03.15 18:16:49 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\UNDERFLW.DLL
< End of report >



Extras:

OTL Extras logfile created on: 25.03.2010 10:54:47 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Dokumente und Einstellungen\Herr Wum\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,90 Gb Total Space | 3,85 Gb Free Space | 6,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 144,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 208,77 Gb Free Space | 29,88% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Current User Name: Herr Wum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Trillian\trillian.exe" = C:\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\Sierra\FEAR\FEAR.exe" = C:\Programme\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Programme\Sierra\FEAR\FEARMP.exe" = C:\Programme\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\temp\HP_WebRelease\Setup\HPZnet01.exe" = C:\temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- (Hewlett-Packard)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Programme\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"F:\Downloads\installer-6037-32de-WaveLab-Deutsch.exe" = F:\Downloads\installer-6037-32de-WaveLab-Deutsch.exe:*isabled:installer-6037-32de-WaveLab-Deutsch -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\WINDOWS\system32\Gateway.exe" = C:\WINDOWS\system32\Gateway.exe:*:Enabled:GATEWAY.EXE -- (3S-Smart Software Solutions GmbH)
"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"F:\Uni\Maple 12\jre\bin\maple.exe" = F:\Uni\Maple 12\jre\bin\maple.exe:*isabled:Maple 12 -- (Maplesoft)
"C:\Programme\Nero\Nero8\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero8\Nero ShowTime\ShowTime.exe:*isabled:Nero ShowTime -- (Nero AG)
"F:\Call of Duty 2\CoD2MP_s.exe" = F:\Call of Duty 2\CoD2MP_s.exe:*isabled:CoD2MP_s -- ()
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*isabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe" = C:\Programme\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*isabled:Miro_Downloader -- ()
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{035E858B-2E6E-7AC7-16A9-41506F698D1E}" = Catalyst Control Center Graphics Full New
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07976ABB-1EBD-4A65-A7C7-155A0DC17173}" = CoDeSys for Automation Alliance
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F06D374-97CE-D8FB-9383-73150A2382DF}" = CCC Help English
"{2F93BFDD-EECE-924B-54ED-B0896F03D758}" = Catalyst Control Center Graphics Previews Common
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3BDFCF84-67A3-4C52-A708-FDD4135CF64C}" = Scratch LIVE 1.8 (18048)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{4FA944D6-623E-EBBD-47D7-CE02A28C0796}" = Catalyst Control Center Graphics Light
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{69CBBEAC-4F50-4839-A5AF-58D5D6D46D4A}_is1" = Spyhunter Compact OS 1.0b
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77654E99-F083-ED32-B326-118741828039}" = Catalyst Control Center Graphics Full Existing
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{846E11C7-4E39-469C-8469-569E7DE9C5CD}" = Readon TV Movie Radio Player 5.8.0.0
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87CA98F3-0A13-77FE-A9F0-2AB1F28D741A}" = ccc-core-preinstall
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8C8BC74F-E17F-4D59-D098-2F90BB9AE9E0}" = Skins
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9B5337F7-0444-5607-A397-909EFEFA7CFF}" = Catalyst Control Center Core Implementation
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A51892-D4A5-616B-4489-44B790179455}" = ccc-utility
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0CBC26C-9A9E-11D4-9304-0000E886B4FC}" = CoDeSys SP RTE
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam-Software
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB20D3BC-6C7C-A9CA-D679-914240CDA0D3}" = ccc-core-static
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}" = OpenOffice.org 2.3
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E723FBDD-0417-4546-8EB9-49A3CD443D3D}" = Readon TV Movie Radio Player 6.0.0.0
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"4U AVI MPEG Converter_is1" = 4U AVI MPEG Converter (version 5.6.9)
"Ableton Live_is1" = Ableton Live v7.0.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 Trial
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AFPL Ghostscript 8.50" = AFPL Ghostscript 8.50
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Software Uninstall Utility
"Alt CDA to MP3 Converter 2.5 Shareware_is1" = Alt CDA to MP3 Converter 2.5
"ASAPI Update" = ASAPI Update
"ASUS Probe V2.25.02" = ASUS Probe V2.25.02
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"AVMWLANCLI" = AVM FRITZ!WLAN
"CDJ-400" = Pioneer CDJ-400 Driver
"CloneCD" = CloneCD
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E.M. DVD Copy_is1" = E.M. DVD Copy 2.51
"Easy Rapidshare Points3.0" = Easy Rapidshare Points
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InfoRapid KnowledgeMap Demoversion" = InfoRapid KnowledgeMap Demoversion
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IsoBuster_is1" = IsoBuster 2.2
"JDownloader" = JDownloader
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"MAGIX music maker generation 6" = MAGIX music maker generation 6
"MAGIX PC Visit D" = MAGIX PC Visit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Miro" = Miro
"Movies" = Movies
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myphotobook" = myphotobook 3.65
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"PicMaster" = PicMaster
"Prodikeys" = Creative Prodikeys DM
"PS3Eye Camera" = PS3Eye Camera 2.1.0.0130
"QcDrv" = Logitech® Camera-Treiber
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RouterControl" = RouterControl 1.90
"Samplitude Music Studio 2008 Trial D" = Samplitude Music Studio 2008 Trial 14.0.2.0 (D)
"samplitude project" = samplitude project
"ShapeCollage" = Shape Collage
"shortcircuit" = shortcircuit
"Soundforum Synth" = Soundforum Synth
"Steinberg WaveLab 5.00a" = Steinberg WaveLab 5.00a
"ToxicIII v1.2 Orion Edition Unlocked VSTi" = ToxicIII v1.2 Orion Edition Unlocked VSTi
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.2
"WAV to MP3" = WAV to MP3
"WaveLabDemo" = WaveLab Demo
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WhiteCap" = WhiteCap
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"WinSplit_is1" = WinSplit - Deinstallation
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordToPDF_is1" = WordToPDF 2.4
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zg cd extractor_is1" = Zg cd extractor 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"CodeBlocks" = CodeBlocks
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04.03.2010 16:51:18 | Computer Name = | Source = MsiInstaller | ID = 1013
Description = Produkt: Adobe Reader 8.1.2 - Deutsch -- Es wird ein Vorgang ausgeführt,
der nicht vom Installationsprogramm beendet werden kann. Schließen Sie vor einem
erneuten Versuche alle Anwendungen oder starten Sie Ihrem Computer neu.

Error - 05.03.2010 12:27:04 | Computer Name = | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ashdisp.exe, Version 4.8.1367.0, fehlgeschlagenes
Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 12.03.2010 12:18:56 | Computer Name = | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung audacity.exe, Version 1.3.5.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 13.03.2010 17:14:48 | Computer Name = | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.

Error - 13.03.2010 17:14:48 | Computer Name = | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error - 13.03.2010 17:14:48 | Computer Name = | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error - 13.03.2010 17:14:48 | Computer Name = | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error - 13.03.2010 17:14:48 | Computer Name = | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error - 13.03.2010 17:14:50 | Computer Name = | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error - 18.03.2010 19:50:51 | Computer Name = | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 11.0.5721.5145, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ] | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avast! Mail Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 16.02.2010 08:22:02 | Computer Name = W | Source = Service Control Manager | ID = 7034
Description = Dienst "avast! Web Scanner" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 17.02.2010 07:56:52 | Computer Name = | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst avast!
Web Scanner.

Error - 17.02.2010 07:56:52 | Computer Name = | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avast! Web Scanner" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 18.02.2010 06:00:05 | Computer Name = | Source = Print | ID = 54
Description = Dokument easyJet.com Internet check-... war beschädigt und wurde gelöscht.
Der zugewiesene Treiber ist: HP LaserJet 6L.

Error - 04.03.2010 11:24:47 | Computer Name = | Source = DCOM | ID = 10010
Description = Der Server "{781B925F-0BF8-4C7B-A2A8-A8B11B488A07}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.03.2010 15:24:30 | Computer Name = | Source = Service Control Manager | ID = 7034
Description = Dienst "Yahoo! Updater" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 13.03.2010 06:55:41 | Computer Name = | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst avast!
Web Scanner.

Error - 13.03.2010 06:55:41 | Computer Name = | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avast! Web Scanner" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 25.03.2010 04:17:35 | Computer Name = | Source = DCOM | ID = 10010
Description = Der Server "{B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


< End of report >

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

• Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

• Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code: Alles auswählenAufklappen

ATTFilter

C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
         

• Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

• Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

• Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Du hast Searchsettings (..\pdfforge Toolbar\.. bzw. "Spigot") drauf (falls nicht gelöscht werden soll, dann die entsprechenden Einträge rausnehmen!)...

• Doppelklick auf die OTL.exe, um das Programm auszuführen.

• Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

• Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code: Alles auswählenAufklappen

ATTFilter

:OTL
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
MOD - C:\Programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
[2010.03.04 21:59:59 | 000,000,100 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010.03.04 21:59:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2010.03.04 21:59:22 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010.03.04 21:59:19 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll

:Files
C:\Programme\Enigma Software Group\SpyHunter

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

:Commands
[emptytemp]
[Reboot]
         

• Den roten Run Fixes! Button anklicken.

• Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

• Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

• %systemroot%\_OTL

Bitte noch das Gmer-Log posten...

chris
Ps.:
Du hattest einen Banker auf dem Rechner (03.04.2010, s. u.)! Ich hoffe Du hast alle Passwörter von einem sauberen Rechner aus geändert...

Zitat:

[2010.03.04 21:59:59 | 000,000,100 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
[2010.03.04 21:59:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
[2010.03.04 21:59:22 | 000,000,005 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
[2010.03.04 21:59:19 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll

Hmm, vielleicht sollten wir CF laufen lassen... mal sehen was GMER sagt...

Also, zunächst mal die Ergebnisse der VirusTotal Analyse:

Was ein "Hash" ist weiß ich leider nicht, ich hoffe der ist hier mit dabei?

Datei QTFont.qfn empfangen 2010.03.20 02:34:48 (UTC)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.25 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.214 2010.03.25 -
Antiy-AVL 2.0.3.7 2010.03.24 -
Authentium 5.2.0.5 2010.03.25 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.25 -
BitDefender 7.2 2010.03.25 -
CAT-QuickHeal 10.00 2010.03.25 -
ClamAV 0.96.0.0-git 2010.03.25 -
Comodo 4381 2010.03.25 -
DrWeb 5.0.1.12222 2010.03.25 -
eSafe 7.0.17.0 2010.03.24 -
eTrust-Vet 35.2.7388 2010.03.25 -
F-Prot 4.5.1.85 2010.03.24 -
F-Secure 9.0.15370.0 2010.03.25 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.25 -
Ikarus T3.1.1.80.0 2010.03.25 -
Jiangmin 13.0.900 2010.03.25 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.25 -
McAfee 5930 2010.03.24 -
McAfee+Artemis 5930 2010.03.24 -
McAfee-GW-Edition 6.8.5 2010.03.25 -
Microsoft 1.5605 2010.03.25 -
NOD32 4974 2010.03.25 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.25 -
Panda 10.0.2.2 2010.03.24 -
PCTools 7.0.3.5 2010.03.25 -
Rising 22.40.03.04 2010.03.25 -
Sophos 4.52.0 2010.03.25 -
Sunbelt 6081 2010.03.25 -
Symantec 20091.2.0.41 2010.03.25 -
TheHacker 6.5.2.0.242 2010.03.24 -
TrendMicro 9.120.0.1004 2010.03.25 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.25.2244 2010.03.25 -
VirusBuster 5.0.27.0 2010.03.25 -
weitere Informationen
File size: 54156 bytes
MD5...: dba91cd5a3a68302967c03213e52bde8
SHA1..: 8188a5832590c810b08ee3a2f1567afcdd094108
SHA256: 1a355634a47a01ce03e05328c2835a86926818bacdcb663db2136d691319dd18
ssdeep: 768:PSQ/EPXqsiVDQzbwaZ2QxDWNXVeOwMxsdy4uGiRu2beVopjRsFkrb8Q++J/+
aSq:m6
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: TrueType Font (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


Datei QTFont.for empfangen 2010.03.25 15:54:51 (UTC)


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.03.25 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.214 2010.03.25 -
Antiy-AVL 2.0.3.7 2010.03.24 -
Authentium 5.2.0.5 2010.03.25 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.25 -
BitDefender 7.2 2010.03.25 -
CAT-QuickHeal 10.00 2010.03.25 -
ClamAV 0.96.0.0-git 2010.03.25 -
Comodo 4381 2010.03.25 -
DrWeb 5.0.1.12222 2010.03.25 -
eSafe 7.0.17.0 2010.03.24 -
eTrust-Vet 35.2.7388 2010.03.25 -
F-Prot 4.5.1.85 2010.03.24 -
F-Secure 9.0.15370.0 2010.03.25 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.25 -
Ikarus T3.1.1.80.0 2010.03.25 -
Jiangmin 13.0.900 2010.03.25 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.25 -
McAfee 5930 2010.03.24 -
McAfee+Artemis 5930 2010.03.24 -
McAfee-GW-Edition 6.8.5 2010.03.25 -
Microsoft 1.5605 2010.03.25 -
NOD32 4974 2010.03.25 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.25 -
Panda 10.0.2.2 2010.03.24 -
PCTools 7.0.3.5 2010.03.25 -
Rising 22.40.03.04 2010.03.25 -
Sophos 4.52.0 2010.03.25 -
Sunbelt 6081 2010.03.25 -
Symantec 20091.2.0.41 2010.03.25 -
TheHacker 6.5.2.0.242 2010.03.24 -
TrendMicro 9.120.0.1004 2010.03.25 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.25.2244 2010.03.25 -
VirusBuster 5.0.27.0 2010.03.25 -
weitere Informationen
File size: 1409 bytes
MD5...: e1034d757709f37f2d1ebd96d5ead02b
SHA1..: fd71bd173744917d950ab434fd97e0e3f92d824f
SHA256: a6322c6f5bd745287666c045c3bff2861461a1752c50a2869f343d46f97fda82
ssdeep: 6:HRMU/KehWpaZtW7ABDXkwRl8Q6aJozGVQ+lpR2k:SeR1znRlz1J7Q+lWk
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win 3.x Installed TrueType Font (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



Das Ergebis der OTL- Fixes:

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Programme\pdfforge Toolbar\SearchSettings.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Programme\pdfforge Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\pdfforge Toolbar\SearchSettings.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\WINDOWS\wuasirvy.dll not found.
File C:\WINDOWS\rasqervy.dll not found.
File C:\WINDOWS\sdfixwcs.dll not found.
File C:\WINDOWS\sdfinacs.dll not found.
========== FILES ==========
File\Folder C:\Programme\Enigma Software Group\SpyHunter not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2933040 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Herr Wum
->Temp folder emptied: 807193189 bytes
->Temporary Internet Files folder emptied: 23585735 bytes
->Java cache emptied: 76558307 bytes
->FireFox cache emptied: 49134813 bytes
->Google Chrome cache emptied: 6278148 bytes
->Flash cache emptied: 135847 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3797548 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1007400 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 926,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03252010_165836

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Ich mache jetzt mal den GMER Scan. Die Sache mit dem "Banker" verstehe ich leider nicht, was ist das? Habe bisher natürlich keine Passwörter geändert, alle Scanner haben mir nie eine Bedrohung angezeigt :-(

So, hier der erste GMER Log, ist die Hauptplatte mit dem Betriebssystem. Bei dem Versuch beide Platten zu scannen ist der Rechner leider immer abgeschmiert nach ewig langem Arbeiten.

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-03-26 00:21:25
Windows 5.1.2600 Service Pack 3
Running: sewolxvn.exe; Driver: C:\DOKUME~1\HERRWU~1\LOKALE~1\Temp\uxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT spgy.sys ZwCreateKey [0xB9EAB0E0]
SSDT spgy.sys ZwEnumerateKey [0xB9EC8CA2]
SSDT spgy.sys ZwEnumerateValueKey [0xB9EC9030]
SSDT spgy.sys ZwOpenKey [0xB9EAB0C0]
SSDT spgy.sys ZwQueryKey [0xB9EC9108]
SSDT spgy.sys ZwQueryValueKey [0xB9EC8F88]
SSDT spgy.sys ZwSetValueKey [0xB9EC919A]

INT 0x62 ? 8A754BF8
INT 0x82 ? 8A754BF8
INT 0x83 ? 8A6E5BF8
INT 0xB4 ? 8A383BF8
INT 0xB4 ? 8A383BF8
INT 0xB4 ? 8A383BF8
INT 0xB4 ? 8A383BF8
INT 0xB4 ? 8A383BF8
INT 0xB4 ? 8A383BF8

---- Kernel code sections - GMER 1.0.15 ----

? spgy.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB907F000, 0x187662, 0xE8000020]
.text USBPORT.SYS!DllUnload B8FF58AC 5 Bytes JMP 8A3831D8
.text annbf5lp.SYS B8B51384 1 Byte [20]
.text annbf5lp.SYS B8B51384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text annbf5lp.SYS B8B513AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text annbf5lp.SYS B8B513C4 3 Bytes [00, 00, 00]
.text annbf5lp.SYS B8B513C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC040] spgy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC13C] spgy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0BE] spgy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7FC] spgy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6D2] spgy.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EBBD92] spgy.sys
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\annbf5lp.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2472] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2472] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2472] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [003D2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2472] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2976] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2976] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2976] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2976] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\avmwlanstick\wlangui.exe[3032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D52F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\avmwlanstick\wlangui.exe[3032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D52CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\avmwlanstick\wlangui.exe[3032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D52D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\avmwlanstick\wlangui.exe[3032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D52CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B62F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B62CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B62D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B62CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Programme\Creative Prodikeys\Prodload.exe[3180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Programme\Creative Prodikeys\Prodload.exe[3180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Programme\Creative Prodikeys\Prodload.exe[3180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Programme\Creative Prodikeys\Prodload.exe[3180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\FreePDF_XP\fpassist.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\FreePDF_XP\fpassist.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\FreePDF_XP\fpassist.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\FreePDF_XP\fpassist.exe[3200] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00942F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00942CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00942D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT F:\Uni\3S Software\CoDeSys ENI Server\ENISysTray.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00942CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Java\jre6\bin\jusched.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Java\jre6\bin\jusched.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Java\jre6\bin\jusched.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Java\jre6\bin\jusched.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[3268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[3268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[3268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe[3268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\Herr Wum\Desktop\sewolxvn.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\Herr Wum\Desktop\sewolxvn.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\Herr Wum\Desktop\sewolxvn.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Dokumente und Einstellungen\Herr Wum\Desktop\sewolxvn.exe[4080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6E11F8
Device \Driver\usbuhci \Device\USBPDO-0 8A3A91F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6E31F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6E31F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6E31F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6E31F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3A91F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3A91F8
Device \Driver\PCI_PNP1786 \Device\00000053 spgy.sys
Device \Driver\usbuhci \Device\USBPDO-3 8A3A91F8
Device \Driver\usbehci \Device\USBPDO-4 8A39D1F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 8A6E31F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 8A6E31F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7551F8
Device \Driver\Cdrom \Device\CdRom0 8A32F1F8
Device \Driver\Cdrom \Device\CdRom1 8A32F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 8A32F1F8
Device \Driver\Cdrom \Device\CdRom3 8A32F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2BA500
Device \Driver\NetBT \Device\NetbiosSmb 8A2BA500
Device \Driver\sptd \Device\1679500536 spgy.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{26F1D832-665F-4CEB-AEC0-D722115EC7A0} 8A2BA500
Device \Driver\usbuhci \Device\USBFDO-0 8A3A91F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3A91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899651F8
Device \Driver\usbuhci \Device\USBFDO-2 8A3A91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899651F8
Device \Driver\usbuhci \Device\USBFDO-3 8A3A91F8
Device \Driver\usbehci \Device\USBFDO-4 8A39D1F8
Device \Driver\Ftdisk \Device\FtControl 8A7551F8
Device \Driver\annbf5lp \Device\Scsi\annbf5lp1Port3Path0Target0Lun0 8A2E71F8
Device \Driver\viamraid \Device\Scsi\viamraid1 8A6E21F8
Device \Driver\annbf5lp \Device\Scsi\annbf5lp1 8A2E71F8
Device \Driver\annbf5lp \Device\Scsi\annbf5lp1Port3Path0Target2Lun0 8A2E71F8
Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target2Lun0 8A6E21F8
Device \Driver\annbf5lp \Device\Scsi\annbf5lp1Port3Path0Target1Lun0 8A2E71F8
Device \FileSystem\Cdfs \Cdfs 8995E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x01 0x6A 0x67 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1D 0x76 0x7F 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0x0C 0x06 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x67 0x0C 0x06 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8C 0x47 0x4B 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x01 0x6A 0x67 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x10 0x9A 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xFD 0xE4 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x01 0x6A 0x67 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x10 0x9A 0x80 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0xFD 0xE4 0xCD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x01 0x6A 0x67 0x46 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1D 0x76 0x7F 0x6B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0x0C 0x06 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x67 0x0C 0x06 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8C 0x47 0x4B 0x92 ...

---- EOF - GMER 1.0.15 ----

Hi,

das kann nun Daemontools oder ein Rookit sein:

Code: Alles auswählenAufklappen

ATTFilter

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [B9DFEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
         

TDSS-Killer
Download und Anweisung unter: http://www.trojaner-board.de/82358-t...tml#post640150
Entpacke alle Dateien!

Start.bat erstellen:
Start->alle Programme->Zubehör->Editor und kopiere folgenden Text rein:

Code: Alles auswählenAufklappen

ATTFilter

@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0
         

• Speichern als: start.bat

• abspeichern unter : Dateityp: alle Dateien

• speichere die Datei im Ordner wo auch TDSSKiller.exe steht

• Doppelklick start.bat

TDSSKiller.exe wird gestartet und ein Log erzeugen(report.txt).
Wenn TDSSKiller fertig ist poste den Inhalt der report.txt.

Die von mir angegebenen Dateien werden bei einer Infektion mit einem BankerTrojaner erstellt (versucht Homebanking abzufangen und, äh, für sich "weiterzuverwenden"), daher Passwörter ändern...

chris

Hallo noch mal! Also, hier nun das Log des TDSSKillers:

10:43:08:968 4820 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
10:43:08:968 4820 ================================================================================
10:43:08:968 4820 SystemInfo:

10:43:08:968 4820 OS Version: 5.1.2600 ServicePack: 3.0
10:43:08:968 4820 Product type: Workstation
10:43:08:968 4820 ComputerName: WILM
10:43:08:968 4820 UserName: Herr Wum
10:43:08:968 4820 Windows directory: C:\WINDOWS
10:43:08:968 4820 Processor architecture: Intel x86
10:43:08:968 4820 Number of processors: 2
10:43:08:968 4820 Page size: 0x1000
10:43:08:968 4820 Boot type: Normal boot
10:43:08:968 4820 ================================================================================
10:43:08:968 4820 UnloadDriverW: NtUnloadDriver error 2
10:43:08:968 4820 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
10:43:09:062 4820 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
10:43:09:078 4820 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:43:09:078 4820 wfopen_ex: Trying to KLMD file open
10:43:09:078 4820 wfopen_ex: File opened ok (Flags 2)
10:43:09:078 4820 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
10:43:09:078 4820 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:43:09:078 4820 wfopen_ex: Trying to KLMD file open
10:43:09:078 4820 wfopen_ex: File opened ok (Flags 2)
10:43:09:078 4820 Initialize success
10:43:09:078 4820
10:43:09:078 4820 Scanning Services ...
10:43:09:687 4820 Raw services enum returned 377 services
10:43:09:703 4820
10:43:09:703 4820 Scanning Kernel memory ...
10:43:09:703 4820 Devices to scan: 5
10:43:09:703 4820
10:43:09:703 4820 Driver Name: Disk
10:43:09:703 4820 IRP_MJ_CREATE : BA0EEBB0
10:43:09:703 4820 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:43:09:703 4820 IRP_MJ_CLOSE : BA0EEBB0
10:43:09:703 4820 IRP_MJ_READ : BA0E8D1F
10:43:09:703 4820 IRP_MJ_WRITE : BA0E8D1F
10:43:09:703 4820 IRP_MJ_QUERY_INFORMATION : 804F4562
10:43:09:703 4820 IRP_MJ_SET_INFORMATION : 804F4562
10:43:09:703 4820 IRP_MJ_QUERY_EA : 804F4562
10:43:09:703 4820 IRP_MJ_SET_EA : 804F4562
10:43:09:703 4820 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
10:43:09:703 4820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:43:09:703 4820 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:43:09:703 4820 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:43:09:703 4820 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:43:09:703 4820 IRP_MJ_DEVICE_CONTROL : BA0E93BB
10:43:09:703 4820 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
10:43:09:703 4820 IRP_MJ_SHUTDOWN : BA0E92E2
10:43:09:703 4820 IRP_MJ_LOCK_CONTROL : 804F4562
10:43:09:703 4820 IRP_MJ_CLEANUP : 804F4562
10:43:09:703 4820 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:43:09:703 4820 IRP_MJ_QUERY_SECURITY : 804F4562
10:43:09:703 4820 IRP_MJ_SET_SECURITY : 804F4562
10:43:09:703 4820 IRP_MJ_POWER : BA0EAC82
10:43:09:703 4820 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
10:43:09:703 4820 IRP_MJ_DEVICE_CHANGE : 804F4562
10:43:09:703 4820 IRP_MJ_QUERY_QUOTA : 804F4562
10:43:09:703 4820 IRP_MJ_SET_QUOTA : 804F4562
10:43:09:750 4820 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
10:43:09:750 4820
10:43:09:750 4820 Driver Name: Disk
10:43:09:750 4820 IRP_MJ_CREATE : BA0EEBB0
10:43:09:750 4820 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:43:09:750 4820 IRP_MJ_CLOSE : BA0EEBB0
10:43:09:750 4820 IRP_MJ_READ : BA0E8D1F
10:43:09:750 4820 IRP_MJ_WRITE : BA0E8D1F
10:43:09:750 4820 IRP_MJ_QUERY_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_SET_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_EA : 804F4562
10:43:09:750 4820 IRP_MJ_SET_EA : 804F4562
10:43:09:750 4820 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
10:43:09:750 4820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:43:09:750 4820 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:43:09:750 4820 IRP_MJ_DEVICE_CONTROL : BA0E93BB
10:43:09:750 4820 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
10:43:09:750 4820 IRP_MJ_SHUTDOWN : BA0E92E2
10:43:09:750 4820 IRP_MJ_LOCK_CONTROL : 804F4562
10:43:09:750 4820 IRP_MJ_CLEANUP : 804F4562
10:43:09:750 4820 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_SECURITY : 804F4562
10:43:09:750 4820 IRP_MJ_SET_SECURITY : 804F4562
10:43:09:750 4820 IRP_MJ_POWER : BA0EAC82
10:43:09:750 4820 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
10:43:09:750 4820 IRP_MJ_DEVICE_CHANGE : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_QUOTA : 804F4562
10:43:09:750 4820 IRP_MJ_SET_QUOTA : 804F4562
10:43:09:750 4820 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
10:43:09:750 4820
10:43:09:750 4820 Driver Name: viamraid
10:43:09:750 4820 IRP_MJ_CREATE : 8A6E21F8
10:43:09:750 4820 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:43:09:750 4820 IRP_MJ_CLOSE : 8A6E21F8
10:43:09:750 4820 IRP_MJ_READ : 804F4562
10:43:09:750 4820 IRP_MJ_WRITE : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_SET_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_EA : 804F4562
10:43:09:750 4820 IRP_MJ_SET_EA : 804F4562
10:43:09:750 4820 IRP_MJ_FLUSH_BUFFERS : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:43:09:750 4820 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:43:09:750 4820 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:43:09:750 4820 IRP_MJ_DEVICE_CONTROL : 8A6E21F8
10:43:09:750 4820 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A6E21F8
10:43:09:750 4820 IRP_MJ_SHUTDOWN : 804F4562
10:43:09:750 4820 IRP_MJ_LOCK_CONTROL : 804F4562
10:43:09:750 4820 IRP_MJ_CLEANUP : 804F4562
10:43:09:750 4820 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_SECURITY : 804F4562
10:43:09:750 4820 IRP_MJ_SET_SECURITY : 804F4562
10:43:09:750 4820 IRP_MJ_POWER : 8A6E21F8
10:43:09:750 4820 IRP_MJ_SYSTEM_CONTROL : 8A6E21F8
10:43:09:750 4820 IRP_MJ_DEVICE_CHANGE : 804F4562
10:43:09:750 4820 IRP_MJ_QUERY_QUOTA : 804F4562
10:43:09:750 4820 IRP_MJ_SET_QUOTA : 804F4562
10:43:09:765 4820 C:\WINDOWS\system32\DRIVERS\viamraid.sys - Verdict: 1
10:43:09:765 4820
10:43:09:765 4820 Driver Name: atapi
10:43:09:765 4820 IRP_MJ_CREATE : B9DFEB40
10:43:09:765 4820 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:43:09:765 4820 IRP_MJ_CLOSE : B9DFEB40
10:43:09:765 4820 IRP_MJ_READ : 804F4562
10:43:09:765 4820 IRP_MJ_WRITE : 804F4562
10:43:09:765 4820 IRP_MJ_QUERY_INFORMATION : 804F4562
10:43:09:765 4820 IRP_MJ_SET_INFORMATION : 804F4562
10:43:09:765 4820 IRP_MJ_QUERY_EA : 804F4562
10:43:09:765 4820 IRP_MJ_SET_EA : 804F4562
10:43:09:765 4820 IRP_MJ_FLUSH_BUFFERS : 804F4562
10:43:09:765 4820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:43:09:765 4820 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:43:09:765 4820 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:43:09:765 4820 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:43:09:765 4820 IRP_MJ_DEVICE_CONTROL : B9DFEB40
10:43:09:765 4820 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9DFEB40
10:43:09:765 4820 IRP_MJ_SHUTDOWN : 804F4562
10:43:09:765 4820 IRP_MJ_LOCK_CONTROL : 804F4562
10:43:09:765 4820 IRP_MJ_CLEANUP : 804F4562
10:43:09:765 4820 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:43:09:765 4820 IRP_MJ_QUERY_SECURITY : 804F4562
10:43:09:765 4820 IRP_MJ_SET_SECURITY : 804F4562
10:43:09:765 4820 IRP_MJ_POWER : B9DFEB40
10:43:09:765 4820 IRP_MJ_SYSTEM_CONTROL : B9DFEB40
10:43:09:765 4820 IRP_MJ_DEVICE_CHANGE : 804F4562
10:43:09:765 4820 IRP_MJ_QUERY_QUOTA : 804F4562
10:43:09:765 4820 IRP_MJ_SET_QUOTA : 804F4562
10:43:09:781 4820 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
10:43:09:781 4820
10:43:09:781 4820 Driver Name: atapi
10:43:09:781 4820 IRP_MJ_CREATE : B9DFEB40
10:43:09:781 4820 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:43:09:781 4820 IRP_MJ_CLOSE : B9DFEB40
10:43:09:781 4820 IRP_MJ_READ : 804F4562
10:43:09:781 4820 IRP_MJ_WRITE : 804F4562
10:43:09:781 4820 IRP_MJ_QUERY_INFORMATION : 804F4562
10:43:09:781 4820 IRP_MJ_SET_INFORMATION : 804F4562
10:43:09:781 4820 IRP_MJ_QUERY_EA : 804F4562
10:43:09:781 4820 IRP_MJ_SET_EA : 804F4562
10:43:09:781 4820 IRP_MJ_FLUSH_BUFFERS : 804F4562
10:43:09:781 4820 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:43:09:781 4820 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:43:09:781 4820 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:43:09:781 4820 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:43:09:781 4820 IRP_MJ_DEVICE_CONTROL : B9DFEB40
10:43:09:781 4820 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9DFEB40
10:43:09:781 4820 IRP_MJ_SHUTDOWN : 804F4562
10:43:09:781 4820 IRP_MJ_LOCK_CONTROL : 804F4562
10:43:09:781 4820 IRP_MJ_CLEANUP : 804F4562
10:43:09:781 4820 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:43:09:781 4820 IRP_MJ_QUERY_SECURITY : 804F4562
10:43:09:781 4820 IRP_MJ_SET_SECURITY : 804F4562
10:43:09:781 4820 IRP_MJ_POWER : B9DFEB40
10:43:09:781 4820 IRP_MJ_SYSTEM_CONTROL : B9DFEB40
10:43:09:781 4820 IRP_MJ_DEVICE_CHANGE : 804F4562
10:43:09:781 4820 IRP_MJ_QUERY_QUOTA : 804F4562
10:43:09:781 4820 IRP_MJ_SET_QUOTA : 804F4562
10:43:09:796 4820 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
10:43:09:796 4820
10:43:09:796 4820 Completed
10:43:09:796 4820
10:43:09:796 4820 Results:
10:43:09:796 4820 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
10:43:09:796 4820 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:43:09:796 4820 File objects infected / cured / cured on reboot: 0 / 0 / 0
10:43:09:796 4820
10:43:09:796 4820 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
10:43:09:796 4820 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
10:43:09:796 4820 KLMD(ARK) unloaded successfully

Hi,

sieht gut aus...

chris

Puuuuh- wenn du wüsstest wie diese Worte runter gehen! Prima, fühle mich jetzt wieder etwas besser, toll dass es Leute wie dich gibt!

Ganz großes Danke an dich, Kompliment an die gesamte Community- echt großer Sport hier!

Gruß