Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   ebay Account missbraucht, Quelle unbekannt. (https://www.trojaner-board.de/84369-ebay-account-missbraucht-quelle-unbekannt.html)

Marco90 31.03.2010 19:15
ebay Account missbraucht, Quelle unbekannt.
 
Ich hab heute festgestellt, dass gestern über meinen ebay-Account ein Artikel ersteigert wurde. ebay ist benachrichtigt, ebenso wie der Verkäufer.
Passwort wurde sofort geändert.

Natürlich mache ich mir jetzt sorgen und versuche irgendwie an den Mittler zwischen mir und dem Hacker zu kommen. Eine Datei oder ähnliches.

Ich hab erstmal MB Anti-Malware durchlaufen lassen.
Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3

31.03.2010 20:10:04
mbam-log-2010-03-31 (20-10-04).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|)
Durchsuchte Objekte: 440705
Laufzeit: 1 hour(s), 20 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
HijackThis wird folgen.

Marco90 31.03.2010 19:20
Hier das HijackThis Logfile

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:53, on 31.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
F:\itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Vtune\TBPanel.exe
F:\Rainlendar2\Rainlendar2.exe
F:\Nettalk6\Nettalk.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Bonjour\mDNSResponder.exe
F:\hamachi\hamachi-2.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Dokumente und Einstellungen\marco\Desktop\Darkfix.exe
F:\Steam\Steam.exe
F:\Trillian\trillian.exe
F:\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://p.yigao.com/servlet/clickHandler?uid=21362&zid=83876&zsid=e8522095003e2976ae6f90b0ff5ca27a&atid=100000&cid=28809&at=2&aid=14782&cyid=20091109_3&ct=2&bt=1&sid=c0d73700cae2dedf0b391766f942fd34&url=http%3A%2F%2Fp.yiqifa.com%2Fc%3Fs%3Daded5f32%26w%3D72244%26c%3D4264%26i%3D4562%26l%3D0%26e%3Dyigao_%7B0%7D%26t%3Dhttp%3A%2F%2Fhome.3gm.com.cn%2Fdo.php%3Fac%3Dfswd&referUrl=http%3A%2F%2F116.76.255.122%2Ftvantsad%2Fyiqifa2.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10762 bytes

P.S: Ich hab von ebay schon eine Mail gekriegt, dass ich den Artikel nicht zahlen muss!

StLB 31.03.2010 19:43
Hallo,

typisch hierfür wäre ein sog. Keylogger, der sämtliches Geschriebenes mitliest.

Zitat:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3
Das bringt nichts - aktuell wäre Version 1.45, DB-Version: 3933 (oder höher).
Am besten deinstallieren, Malwarebytes neuinstallieren - auf aktuelle Datenbank-Version achten - und einen erneuten Vollscan machen. :)
Mache bitte noch zusätzlich einen Systemscan mit RSIT und poste die Logfiles hier.

Ich würde auf jeden Fall mal alle Passwörter von einem sauberen Rechner aus ändern (E-Mail, ev. Online-Banking, etc.).

Marco90 31.03.2010 21:13
Hier das neue Anti-Malware Log

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3938

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.03.2010 22:09:47
mbam-log-2010-03-31 (22-09-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 423463
Laufzeit: 1 Stunde(n), 20 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Temp\data\venmix.exe (Trojan.Wreckit) -> Not selected for removal.
Anmerkung: Die erste Datei ist 100pro nur eine BAT-Datei die ich damals als reconnecter für meinen Router hatte.
Die zweite Dateil ist der bekannte Ventrilomix. Also eigentlich nichts besonderes...
Da ich die erste Datei auf jedenfall nicht mehr brauche hab ich die mal deleted.

Das angekündigte RSIT Logfile
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by marco at 2010-03-31 22:13:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (16%) free of 50 GB
Total RAM: 3326 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:43, on 31.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
F:\itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Vtune\TBPanel.exe
F:\Rainlendar2\Rainlendar2.exe
F:\Nettalk6\Nettalk.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Application Updater\ApplicationUpdater.exe
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Bonjour\mDNSResponder.exe
F:\hamachi\hamachi-2.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
F:\Steam\Steam.exe
F:\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\Trend Micro\HijackThis\marco.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://p.yigao.com/servlet/clickHandler?uid=21362&zid=83876&zsid=e8522095003e2976ae6f90b0ff5ca27a&atid=100000&cid=28809&at=2&aid=14782&cyid=20091109_3&ct=2&bt=1&sid=c0d73700cae2dedf0b391766f942fd34&url=http%3A%2F%2Fp.yiqifa.com%2Fc%3Fs%3Daded5f32%26w%3D72244%26c%3D4264%26i%3D4562%26l%3D0%26e%3Dyigao_%7B0%7D%26t%3Dhttp%3A%2F%2Fhome.3gm.com.cn%2Fdo.php%3Fac%3Dfswd&referUrl=http%3A%2F%2F116.76.255.122%2Ftvantsad%2Fyiqifa2.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe (User 'Default user')
O4 - Startup: Nettalk.lnk = F:\Nettalk6\Nettalk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10907 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-25 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\GEMEIN~1\SYMANT~1\IDS\IPSBHO.dll [2009-10-30 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Programme\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton-Symbolleiste anzeigen - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 316784]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Programme\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"ccApp"=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Programme\Norton Internet Security\osCheck.exe [2007-08-25 714608]
"CTDVDDET"=C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"CTSysVol"=C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"AudioDrvEmulator"=C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-06-18 16384]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2008-09-05 1794048]
"Start WingMan Profiler"=C:\Programme\Logitech\Gaming Software\LWEMon.exe [2009-09-16 153608]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"HP Component Manager"=C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Software Update"=C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-12-08 18789920]
"SearchSettings"=C:\Programme\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=F:\itunes\iTunesHelper.exe [2010-02-15 141608]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TBPanel"=C:\Programme\Vtune\TBPanel.exe [2009-05-12 2158592]
"AdobeBridge"= []
"Rainlendar2"=F:\Rainlendar2\Rainlendar2.exe [2009-08-22 5148672]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart
Nettalk.lnk - F:\Nettalk6\Nettalk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Football2009\fm.exe"="F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo"
"F:\Footman10\fm.exe"="F:\Footman10\fm.exe:*:Enabled:Football Manager 2010"
"F:\Steam\Steam.exe"="F:\Steam\Steam.exe:*:Enabled:Steam"
"F:\League of Legends\Air\LolClient.exe"="F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby"
"F:\League of Legends\Game\League of Legends.exe"="F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"F:\Dirt2\dirt2.exe"="F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo"
"F:\Dirt 2\dirt2_game.exe"="F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\LimeWire\LimeWire.exe"="F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe"="F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
"F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe"="F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\itunes\iTunes.exe"="F:\itunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Ventrilo\Ventrilo.exe"="C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe"="F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-03-31 20:49:30 ----D---- C:\rsit
2010-03-31 20:45:05 ----A---- C:\mbam-error.txt
2010-03-31 20:14:54 ----D---- C:\WINDOWS\LastGood
2010-03-31 15:09:20 ----A---- C:\WINDOWS\system32\SET150.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET154.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14F.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14C.tmp
2010-03-31 15:09:19 ----A---- C:\WINDOWS\system32\SET14B.tmp
2010-03-31 15:09:18 ----A---- C:\WINDOWS\system32\SET151.tmp
2010-03-19 19:49:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
2010-03-19 19:48:04 ----D---- C:\WINDOWS\system32\TVUAx
2010-03-18 22:48:31 ----A---- C:\WINDOWS\IsUn0407.exe
2010-03-17 11:13:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
2010-03-15 02:27:07 ----D---- C:\Programme\Ventrilo
2010-03-15 02:27:03 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-03-14 18:32:20 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Ubisoft
2010-03-14 02:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-13 19:22:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-04 21:38:38 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Apple Computer
2010-03-04 21:38:29 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-04 21:37:52 ----D---- C:\Programme\iPod
2010-03-04 21:37:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-04 21:36:59 ----D---- C:\Programme\QuickTime
2010-03-04 21:36:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-03-04 21:36:49 ----D---- C:\Programme\Apple Software Update
2010-03-04 21:36:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-03-04 21:36:13 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-03-04 21:36:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2010-03-04 21:27:37 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-03-04 21:27:36 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-03-02 12:30:31 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\HLSW
2010-03-01 22:28:26 ----A---- C:\WINDOWS\system32\prospeed_bmp2jpg.dll
2010-03-01 22:07:38 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\MMJ_BABYBOX

======List of files/folders modified in the last 1 months======

2010-03-31 22:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974455_1$
2010-03-31 22:10:12 ----D---- C:\WINDOWS\system32\drivers
2010-03-31 21:45:10 ----D---- C:\Programme\Mozilla Firefox
2010-03-31 21:28:02 ----D---- C:\Programme\Mozilla Thunderbird
2010-03-31 20:49:35 ----D---- C:\WINDOWS\Prefetch
2010-03-31 20:49:33 ----D---- C:\WINDOWS\Temp
2010-03-31 20:49:32 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2010-03-31 20:45:04 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-03-31 20:15:40 ----HD---- C:\WINDOWS\inf
2010-03-31 20:15:39 ----D---- C:\WINDOWS
2010-03-31 20:15:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 20:15:34 ----D---- C:\WINDOWS\system32
2010-03-31 20:15:34 ----D---- C:\Programme\Internet Explorer
2010-03-31 20:14:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-31 15:07:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 20:42:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 20:42:43 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Nettalk
2010-03-30 20:42:42 ----A---- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK
2010-03-28 19:07:11 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\teamspeak2
2010-03-26 18:52:39 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-03-26 18:46:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-24 23:14:39 ----D---- C:\Programme\FTP Commander
2010-03-24 23:13:33 ----SD---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Microsoft
2010-03-23 16:03:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-23 15:56:00 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-03-23 09:23:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2010-03-19 02:06:51 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Adobe
2010-03-18 17:32:34 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\LimeWire
2010-03-18 13:04:07 ----D---- C:\WINDOWS\Minidump
2010-03-17 12:25:42 ----RD---- C:\Programme
2010-03-17 12:24:35 ----HD---- C:\Programme\InstallShield Installation Information
2010-03-17 04:04:54 ----SHD---- C:\WINDOWS\Installer
2010-03-17 04:04:54 ----D---- C:\WINDOWS\WinSxS
2010-03-17 04:03:28 ----RSD---- C:\WINDOWS\assembly
2010-03-17 04:03:07 ----D---- C:\WINDOWS\system32\DirectX
2010-03-17 02:57:37 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mumble
2010-03-15 02:26:56 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2010-03-14 02:27:16 ----A---- C:\WINDOWS\imsins.BAK
2010-03-14 02:27:10 ----D---- C:\Programme\Movie Maker
2010-03-05 21:21:51 ----A---- C:\WINDOWS\PROFED32.INI
2010-03-05 19:55:03 ----D---- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\XLEHRBUCH
2010-03-04 21:38:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-04 21:37:33 ----D---- C:\Programme\Bonjour
2010-03-04 21:36:13 ----D---- C:\Programme\Gemeinsame Dateien
2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-06-18 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-06-18 438784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-06-18 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-06-18 142336]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-06-18 77824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 fwlanusbn;FRITZ!WLAN N; C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [2008-09-05 419328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-06-18 751104]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-06-18 178688]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-12-08 6017568]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100330.048\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20100330.048\NAVEX15.SYS []
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-03 8087712]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-06-18 114688]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-31 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\ipsdefs\20100320.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-09-11 35592]
R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-09-11 31752]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-09-11 14984]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-09-11 66056]
S3 ai4nwwsx;ai4nwwsx; C:\WINDOWS\system32\drivers\ai4nwwsx.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-06-07 340176]
S3 dxdiag.sys;dxdiag.sys; \??\C:\DOKUME~1\marco\LOKALE~1\Temp\dxdiag.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-06-18 153088]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Application Updater;Application Updater; C:\Programme\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Automatic LiveUpdate Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2008-09-05 364544]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; F:\hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-26 75064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-10-30 1251720]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-17 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
P.S: Es ist nicht 100pro sicher, ob mein Rechner infiziert ist da mein Vater über den Laptop auch aufs Internet zugreifen kann.

StLB 31.03.2010 21:50
Also ein Keylogger ist da definitiv nicht drauf.
Die Logs sind - bis auf unnütze IE-Toolbars - sauber.
Um wirklich sicherzugehen, bitte noch einen Rootkitscan mit GMER durchführen.

Evtl. hat jemand Dein eBay Passwort durch Ausprobieren geknackt.
Hattest Du ein Passwort ala "passwort" oder ala "$passwd146"?

Marco90 17.04.2010 15:24
Ein neuer Vorfall, diesmal wurde mein svz account missbraucht und folgende Nachricht geschrieben.

Zitat:
Hier meine Zugangsdaten, heute ist echt so ein geiler Tag!!!

Amateurpornos - Amateure haben Amateursex - my-dirty-hobby.com User: Maradonna90 PW: zocken
Cams – Live Cams, Erotik-Webcams & Erotikchat-Shows User: muhQ23 PW: L9QDK
Tatsächlich hab ich vor Jahren mal die Accounts bei den Seiten angelegt und die Daten stimmen auch noch. Sprich da war keiner dran der ein bissl rumprobiert hat.

Da die Nachrichten ein wenig in der Punktierung variieren kann es also kein Bot etc sein. Zum Glück loggt svz auch die IP.

/EDIT:
Per "IP Address Lookup" habe ich sogar weiter Infos finden können.

Zitat:
Host name e181204160.adsl.alicedsl.de
Country Germany Germany
Country Code DE
Region Hessen
City Bad Homburg
Latitude 50.2167
Longitude 8.6167


Der komplette Link zum whois -> hxxp://ip-address-lookup-v4.com/lookup.php?ip=85.181.204.160
Die IP lautet 85.181.204.160.

Sollte ich vllt rechtliche Schritte einleiten?

StLB 17.04.2010 20:11
Hm...

Bitte folgendes durchführen:

1.) Vollständiger Scan mit Malwarebytes Anti-Malware (zuvor Datenbank aktualisieren!)

2.) Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

3.) Rootkitscan mit GMER


Hat außer dir noch jemand anderer Zugriff auf deinen Rechner?
Ändere am besten von einem sauberen Rechner aus alle deine Zugangsdaten. (E-Mail, eBay, StudiVZ, etc.)
Betreibe von deinem "Keylogger-Rechner" keine oben genannten Aktivitäten mehr.

Marco90 18.04.2010 10:54
Ich haben eben vor dem Scan von Malwarebytes nach dem Datenbankupdate mal die Reiter durchgeschaut und gesehen, dass bei Quarantäne zwei Keylogger registriert wurden. Der eine war datiert mit dem 29.11.2009 *schock*
Hab direkt alles entfernt und bin jetzt dabei den Scan durchlaufen zu lassen.
So far...

Marco90 18.04.2010 12:00
Malwarebytes Log
Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4003

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.04.2010 12:59:07
mbam-log-2010-04-18 (12-59-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 422161
Laufzeit: 1 Stunde(n), 21 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\marco\Eigene Dateien\Downloads\CryptLoad_1.1.8\ocr\filer.net\ocr_by_spider_b\Version4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Temp\data\venmix.exe (Trojan.Wreckit) -> Quarantined and deleted successfully.
OTL-Log
Code:
OTL logfile created on: 18.04.2010 13:14:53 - Run 1
OTL by OldTimer - Version 3.2.1.2    Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 18,76 Gb Free Space | 38,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,32 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 179,08 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - F:\hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Programme\Vtune\TBPANEL.exe ()
PRC - F:\Nettalk6\Nettalk.exe (Nicolas Kruse)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Hamachi2Svc) -- F:\hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LiveUpdate Notice) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (comHost) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100417.020\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100417.020\NAVENG.SYS (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ipsdefs\20100415.001\SymIDSCo.sys (Symantec Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (fwlanusbn) -- C:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (TBPanel) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: firefoxstats@matthew.hambly:1.2.2n
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks_remote_dns: true
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 00:20:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.12 15:56:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.12 15:56:20 | 000,000,000 | ---D | M]
 
[2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions
[2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.04.17 16:07:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions
[2009.11.02 21:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.05 16:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009.10.30 21:52:33 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.01.04 21:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\battlefieldheroespatcher@ea.com
[2010.03.19 19:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefox@tvunetworks.com
[2009.12.19 19:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefoxstats@matthew.hambly
[2010.02.18 23:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\toolbar@ask.com
[2010.04.17 16:07:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.17 10:14:14 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1                                activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Gemeinsame Dateien\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Programme\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\Nettalk.lnk = F:\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.30 19:20:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.11.14 21:00:43 | 000,000,000 | ---D | M] - F:\Autoupdate -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.18 13:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.04.18 11:25:25 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe
[2010.04.12 15:55:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.10 18:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2010.03.31 20:49:30 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.24 23:01:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\tril
[2010.03.19 21:36:22 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys
[2010.03.19 21:36:15 | 000,077,824 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwusbnci.org
[2010.03.19 19:49:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\TVU Networks
[2010.03.19 19:49:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
[2010.03.19 19:49:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\LocalLow
[2010.03.19 19:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2010.03.19 13:47:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\.rainlendar2
[2010.01.02 18:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.31 16:06:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.sys
[2009.11.08 18:59:25 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.10.30 19:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.10.30 19:20:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2005.06.18 08:04:56 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.18 13:12:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.18 13:10:37 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.CDF
[2010.04.18 13:09:51 | 000,235,380 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.04.18 13:09:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.18 13:09:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.18 13:08:15 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.04.18 13:08:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.04.18 13:08:15 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.04.18 13:07:59 | 009,175,040 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT
[2010.04.18 13:07:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini
[2010.04.18 13:07:52 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK
[2010.04.18 13:01:02 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.04.18 12:39:50 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc
[2010.04.18 11:25:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe
[2010.04.18 00:47:33 | 002,115,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.17 22:22:01 | 000,050,688 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.17 21:56:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.15 19:32:23 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc
[2010.04.14 21:35:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.14 10:58:34 | 262,971,603 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro - Q1.mp3
[2010.04.14 09:06:06 | 000,034,481 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro XI -Dezember 2009.mp3
[2010.04.12 20:07:55 | 000,000,672 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job
[2010.04.12 15:57:10 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.11 20:46:49 | 000,005,052 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\q1.m3u
[2010.04.11 02:39:48 | 000,000,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk
[2010.04.06 21:28:21 | 000,030,208 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\GMK0704.doc
[2010.04.04 00:20:05 | 000,002,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.04.03 16:55:55 | 000,000,417 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play PKR.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.24 23:13:01 | 000,835,584 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\gandhi.ppt
[2010.03.24 22:46:14 | 000,035,840 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\mahatma.doc
[2010.03.19 18:05:50 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010.03.19 13:47:11 | 000,000,555 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rainlendar2.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.18 12:26:49 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc
[2010.04.15 19:32:23 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc
[2010.04.14 09:07:00 | 262,971,603 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro - Q1.mp3
[2010.04.14 09:06:05 | 000,034,481 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\House&Electro XI -Dezember 2009.mp3
[2010.04.12 15:56:20 | 000,001,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.11 02:39:47 | 000,000,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Allods Online.lnk
[2010.04.06 20:18:57 | 000,030,208 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\GMK0704.doc
[2010.04.03 16:55:55 | 000,000,417 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play PKR.lnk
[2010.04.02 20:35:58 | 000,005,052 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\q1.m3u
[2010.03.24 23:13:01 | 000,835,584 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\gandhi.ppt
[2010.03.21 23:00:19 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\mahatma.doc
[2010.03.19 13:47:11 | 000,000,555 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rainlendar2.lnk
[2010.03.16 21:05:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\chrtmp
[2010.03.15 02:27:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.03.01 22:28:26 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll
[2010.02.27 02:35:09 | 000,510,888 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.22 20:19:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ROCSETUP.INI
[2010.02.21 22:29:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\PROFED32.INI
[2010.02.02 16:18:17 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid664.log
[2010.02.02 16:15:07 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3696.log
[2010.02.02 16:03:42 | 000,010,708 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3040.log
[2010.01.04 21:38:45 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.04 21:38:45 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\PnkBstrK.sys
[2009.12.31 16:07:22 | 000,001,041 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\vso_ts_preview.xml
[2009.12.31 16:06:21 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.log
[2009.12.31 16:06:12 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\inst.exe
[2009.12.31 16:06:12 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.cat
[2009.12.31 16:06:12 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.inf
[2009.12.28 18:31:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.07 17:28:53 | 000,010,794 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.11.05 20:24:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.11.01 03:46:02 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.31 22:33:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.30 22:27:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.30 21:10:16 | 000,046,593 | R--- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2009.10.30 21:10:16 | 000,000,193 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.10.30 20:23:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.30 20:23:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.30 19:25:12 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.dat.LOG
[2009.10.30 19:25:12 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini
[2009.10.30 19:25:11 | 009,175,040 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT
[2009.06.10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005.07.11 06:44:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005.06.07 15:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003.03.21 11:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86
< End of report >
Hier noch das Log welche als extra.txt angezeigt wurde.
Code:
OTL Extras logfile created on: 18.04.2010 13:14:53 - Run 1
OTL by OldTimer - Version 3.2.1.2    Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 18,76 Gb Free Space | 38,42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,32 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 179,08 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Football2009\fm.exe" = F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo -- (Sports Interactive)
"F:\Footman10\fm.exe" = F:\Footman10\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"F:\Steam\Steam.exe" = F:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\League of Legends\Air\LolClient.exe" = F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"F:\League of Legends\Game\League of Legends.exe" = F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"F:\Dirt2\dirt2.exe" = F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo -- (Codemasters)
"F:\Dirt 2\dirt2_game.exe" = F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2 -- (Codemasters)
"F:\LimeWire\LimeWire.exe" = F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
"F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
"F:\itunes\iTunes.exe" = F:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- File not found
"F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"F:\Allods\Allods Online\bin\Launcher.exe" = F:\Allods\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"F:\Allods\Allods Online\bin\AOgame.exe" = F:\Allods\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{626C32A3-0F0F-41B3-9F53-75E16B2D8925}" = SymNet
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8610FF9A-8FEE-4509-ADCD-AF68157B562A}" = Symantec Real Time Storage Protection Component
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}" = Sound Blaster Audigy 4
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF0BC679-A503-43AF-9104-E8842999955E}_is1" = CTDP's ChampionShipManager NX 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C85A83-296E-4813-86A6-DA8DA6A92D6D}" = Left 4 Dead 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB75FFBB-67AA-4AF5-840C-B60D76720AC1}" = MoTeC i2 Pro
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF481D3E-FF15-4EE7-B36B-53C9E4021E8B}" = TMPGEnc 4.0 XPress Testversion
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AMIP" = AMIP (remove only)
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.02
"Ashampoo ClipFinder_is1" = Ashampoo ClipFinder 1.55
"AstrumNival Allods" = Allods Online 1.0.05.41
"Audacity_is1" = Audacity 1.2.6
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"AVMWLANCLI" = AVM FRITZ!WLAN
"CamStudio" = CamStudio
"cdrtools Frontend_is1" = cdrtfe 1.3.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESL Wire_is1" = ESL Wire 1.3
"F1 DLM 2009 Trackpack" = F1 DLM 2009 Trackpack
"F1 Official Team Manager" = F1 Official Team Manager
"Football Manager 2010" = Football Manager 2010
"Football Manager 2010 Demo" = Football Manager 2010 Demo
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FTP Commander" = FTP Commander
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.7
"League of Legends_is1" = League of Legends
"LimeWire" = LimeWire 5.4.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MMJ-Quellcodesammlung_is1" = MMJ-Quellcodesammlung
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mumble" = Mumble and Murmur
"Need For Speed SHIFT_is1" = Need For Speed SHIFT
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nettalk_is1" = Nettalk 6.6
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PKR" = PKR
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"Rainlendar2" = Rainlendar2 (remove only)
"Real-Time Racing_is1" = Real-Time Racing
"rF Tv Style_is1" = Tv Style Beta 0.9
"rFactor" = rFactor (remove only)
"Runic Games Torchlight" = Torchlight
"SopCast" = SopCast 3.2.4
"Steam App 10" = Counter-Strike
"Steam App 33310" = R.U.S.E. Beta
"Steam App 8600" = RACE 07
"Steam App 8640" = RACE On
"Steam App 8760" = RACE On - DEMO
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vtune_is1" = Vtune 7.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.9.1 (unicode) for Python 2.6
"XProfan-Lehrbuch_is1" = XProfan-Lehrbuch
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (marco)
"GeoGebra" = GeoGebra
"Grand Prix 1979 for Rfactor v2.0" = Grand Prix 1979 for Rfactor v2.0
"MOD F1RL09 FINAL VERSION" = MOD F1RL09 FINAL VERSION
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.04.2010 13:26:11 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 10.04.2010 20:13:25 | Computer Name = MARCO-ED193E38F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Allods-EU_Deutsch.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 10.04.2010 20:43:44 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 10.04.2010 20:43:50 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 10.04.2010 20:44:55 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 11.04.2010 05:56:51 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 12.04.2010 12:14:57 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
Error - 12.04.2010 12:15:12 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung COH32.exe, Version 6.1.7.18, fehlgeschlagenes
 Modul COH32.exe, Version 6.1.7.18, Fehleradresse 0x000732d6.
 
[ System Events ]
Error - 15.04.2010 11:57:56 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 15.04.2010 12:45:57 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 15.04.2010 12:46:07 | Computer Name = MARCO-ED193E38F | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A0E748A1-DE06-456A-B6C6-F66E2267059C} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 15.04.2010 15:13:55 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 15.04.2010 15:14:26 | Computer Name = MARCO-ED193E38F | Source = NetBT | ID = 4321
Description = Der Name "ARBEITSGRUPPE  :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.21  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 16.04.2010 09:47:09 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 17.04.2010 09:45:40 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 18.04.2010 05:19:28 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 18.04.2010 07:09:54 | Computer Name = MARCO-ED193E38F | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 18.04.2010 07:12:03 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
 
< End of report >

StLB 18.04.2010 12:24
Hi,

es wäre gut zu wissen, was Malwarebytes da für Keylogger gefunden hat.
Suche mal im Reiter "Logdateien" nach einem Logfile vom 29.11.2009 und poste es.

OTL schau ich mit gleich noch an.

Marco90 18.04.2010 12:34
So sah der Eintrag damals aus
Zitat:
C:\System Volume Information\_restore{7972D57B-F40D-4A44-B649-96DCD9C926BD}\RP49\A0004193.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.

StLB 18.04.2010 13:29
Ok, der Keylogger war 'nur' in der Systemwiederherstellung - der war also nicht mehr aktiv.
Bitte einen Rootkitscan mit GMER machen und das Logfile posten.

Marco90 18.04.2010 14:39
Geht das auch mit einem anderen Tool?
GMER stürzt bei mir immer ab.

StLB 18.04.2010 14:44
GMER neigt leider oft zu Abstürzen :(


Rootkitscan mit RootRepeal

Lade RootRepeal.zip herunter und entpacke es auf Deinen Desktop
  • Doppelklicke auf RootRepeal.exe um das Programm zu starten.
  • Klick auf den Reiter Report am unteren Ende des Programmfensters.
  • Klicke den Scan Button.
  • Wähle in dem Select Scan Dialog aus:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Klicke auf OK
  • Wähle in dem nächsten Dialog alle angezeigten Laufwerke aus.
  • Klicke auf OK, um den Scan zu starten.

    Der Scan kann eine Zeit lang dauern. Starte keine anderen Programme, solange der Scan läuft.
  • Wenn der Scan beendet ist, erscheint der Save Report Button.
  • Klicke auf diesen und speichere den Bericht auf Deinen Desktop als RootRepeal.txt.
  • Poste den Bericht bitte in Deiner nächsten Antwort.
  • Gehe auf File, dann auf Exit, um das Programm zu beenden.

Marco90 18.04.2010 15:06
So hier das RootRepeal Log.

Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/04/18 15:48
Program Version:                Version 1.3.5.0
Windows Version:                Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB03C1000        Size: 98304        File Visible: No        Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB8614000        Size: 8192        File Visible: No        Signed: -
Status: -

Name: PCI_PNP0734
Image Path: \Driver\PCI_PNP0734
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: spvu.sys
Image Path: spvu.sys
Address: 0xB7EB4000        Size: 995328        File Visible: No        Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\dokumente und einstellungen\marco\anwendungsdaten\mozilla\firefox\profiles\fsi8u378.default\sessionstore.js
Status: Size mismatch (API: 32979, Raw: 32977)

SSDT
-------------------
#: 012        Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x892cfe08

#: 013        Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x892cfec8

#: 017        Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d0998

#: 031        Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89ce21c8

#: 041        Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee020

#: 043        Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x892cf9c8

#: 053        Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x892d0b28

#: 057        Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x892cf728

#: 063        Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee2a0

#: 065        Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06ee800

#: 071        Function Name: NtEnumerateKey
Status: Hooked by "spvu.sys" at address 0xb7ecdda4

#: 073        Function Name: NtEnumerateValueKey
Status: Hooked by "spvu.sys" at address 0xb7ece132

#: 083        Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d07f8

#: 089        Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x892cfab8

#: 091        Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x892cfb98

#: 108        Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x892d0718

#: 114        Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x892cf8e8

#: 119        Function Name: NtOpenKey
Status: Hooked by "spvu.sys" at address 0xb7eb50c0

#: 123        Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x892d0a68

#: 125        Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8804df20

#: 129        Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x892d04b8

#: 160        Function Name: NtQueryKey
Status: Hooked by "spvu.sys" at address 0xb7ece20a

#: 177        Function Name: NtQueryValueKey
Status: Hooked by "spvu.sys" at address 0xb7ece08a

#: 206        Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x892e7320

#: 213        Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x892d03f8

#: 228        Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x892d0588

#: 229        Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x892d0328

#: 247        Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb06eea50

#: 253        Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x892cf808

#: 254        Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x892cffd0

#: 257        Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89331750

#: 258        Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x892d0268

#: 267        Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x892d0658

#: 277        Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x892d08c8

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System        Address: 0x8b0051f8        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_CREATE]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_CLOSE]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_POWER]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: pcou, IRP_MJ_PNP]
Process: System        Address: 0x8ad93500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System        Address: 0x8ad9d500        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System        Address: 0x8af931f8        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System        Address: 0x8ae4c500        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System        Address: 0x8b0071f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System        Address: 0x892f71f8        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System        Address: 0x8ad8d500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System        Address: 0x892da500        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_CREATE]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_CLOSE]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_READ]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_CLEANUP]
Process: System        Address: 0x892a41f8        Size: 121

Object: Hidden Code [Driver: Cdfs؅ఈ浍浓⎨褪@, IRP_MJ_PNP]
Process: System        Address: 0x892a41f8        Size: 121

==EOF==

StLB 18.04.2010 17:35
Ok, habe gerade erfahren, dass RootRepeal untauglich ist. :rolleyes:

Deaktiviere bitte deine Daemon-Tools und versuch erneut einen Scan mit GMER.

Marco90 14.05.2010 04:32
Es hat sehr lange gedauert bis ich GMER wieder versucht habe und es ist mir wieder abgestürzt bzw. hatte ich nen Bluescreen mit der Meldung Bad_Pool_Caller.
Mein System läuft schon sehr lange stabil ohne Bluescreen.
Deshalb kann ich mit GMER keinen Scan machen. Ich habe, aber das Gefühl, dass immer noch nen Keylogger im System ist.
Hab auch nochmal mit der aktuellen Version von Malwarebytes gescant und er hat nichts gefunden.

Marco90 14.05.2010 13:03
Ich hab mal mit GMER nur meine Partition F:/ ausgewählt, dabei ist er aber auch den Windows Ordner auf meiner Partition C:/ durchlaufen. So haben wir wenigstens schonmal ein Teilergebnis. Ich werd nochmal am heutigen Tag versuchen nur die Partition C:/ scannen zu lassen.
Hier schonmal das LogFile

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-14 13:49:55
Windows 5.1.2600 Service Pack 3
Running: 1nxc10om.exe; Driver: C:\DOKUME~1\marco\LOKALE~1\Temp\pwwyikob.sys


---- System - GMER 1.0.15 ----

SSDT            89152650                                                                                                                            ZwAlertResumeThread
SSDT            89150CF0                                                                                                                            ZwAlertThread
SSDT            891BD720                                                                                                                            ZwAllocateVirtualMemory
SSDT            89232A28                                                                                                                            ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwCreateKey [0xB063D020]
SSDT            89153D78                                                                                                                            ZwCreateMutant
SSDT            89152C18                                                                                                                            ZwCreateThread
SSDT            89149F28                                                                                                                            ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwDeleteKey [0xB063D2A0]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwDeleteValueKey [0xB063D800]
SSDT            spib.sys                                                                                                                            ZwEnumerateKey [0xB7ECDDA4]
SSDT            spib.sys                                                                                                                            ZwEnumerateValueKey [0xB7ECE132]
SSDT            891DF088                                                                                                                            ZwFreeVirtualMemory
SSDT            89153E48                                                                                                                            ZwImpersonateAnonymousToken
SSDT            89152590                                                                                                                            ZwImpersonateThread
SSDT            8915BB98                                                                                                                            ZwMapViewOfSection
SSDT            89154E88                                                                                                                            ZwOpenEvent
SSDT            spib.sys                                                                                                                            ZwOpenKey [0xB7EB50C0]
SSDT            8915F128                                                                                                                            ZwOpenProcessToken
SSDT            89154CE8                                                                                                                            ZwOpenSection
SSDT            890CF2F0                                                                                                                            ZwOpenThreadToken
SSDT            spib.sys                                                                                                                            ZwQueryKey [0xB7ECE20A]
SSDT            spib.sys                                                                                                                            ZwQueryValueKey [0xB7ECE08A]
SSDT            891519A8                                                                                                                            ZwResumeThread
SSDT            89150B08                                                                                                                            ZwSetContextThread
SSDT            890CF3C0                                                                                                                            ZwSetInformationProcess
SSDT            89162EB0                                                                                                                            ZwSetInformationThread
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwSetValueKey [0xB063DA50]
SSDT            89154DC8                                                                                                                            ZwSuspendProcess
SSDT            89162E30                                                                                                                            ZwSuspendThread
SSDT            \??\C:\WINDOWS\system32\drivers\CO_Mon.sys (Behavior Blocker v2007.1 WDM driver (2007.1.1.99)/Symantec Corporation)                ZwTerminateProcess [0xB835C760]
SSDT            890CF2B8                                                                                                                            ZwTerminateThread
SSDT            8914EDF8                                                                                                                            ZwUnmapViewOfSection
SSDT            891DF008                                                                                                                            ZwWriteVirtualMemory

INT 0x62        ?                                                                                                                                  8AF91BF8
INT 0x63        ?                                                                                                                                  8AE4AF00
INT 0x63        ?                                                                                                                                  8AE4AF00
INT 0x63        ?                                                                                                                                  8AE4AF00
INT 0x73        ?                                                                                                                                  8AF91BF8
INT 0x73        ?                                                                                                                                  8AF91BF8
INT 0x82        ?                                                                                                                                  8AF91BF8
INT 0x83        ?                                                                                                                                  8AE4AF00
INT 0x83        ?                                                                                                                                  8AE4AF00
INT 0x83        ?                                                                                                                                  8AE4AF00
INT 0xA4        ?                                                                                                                                  8AE4AF00
INT 0xB4        ?                                                                                                                                  8AE4AF00

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 2DC4                                                                                                80504660 4 Bytes  CALL AED95BB1
?              spib.sys                                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                            section is writeable [0xB3495360, 0x3D46A5, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                              B34588AC 5 Bytes  JMP 8AE4A4E0
.text          a8gnp6fy.SYS                                                                                                                        B32FA386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text          a8gnp6fy.SYS                                                                                                                        B32FA3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text          a8gnp6fy.SYS                                                                                                                        B32FA3C4 3 Bytes  [00, 80, 02]
.text          a8gnp6fy.SYS                                                                                                                        B32FA3C9 1 Byte  [30]
.text          a8gnp6fy.SYS                                                                                                                        B32FA3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                                               

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                  [B7EB6042] spib.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                          [B7EB613E] spib.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                [B7EB60C0] spib.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                        [B7EB6800] spib.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                [B7EB66D6] spib.sys
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!KfAcquireSpinLock]                                                                18C4830E
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!READ_PORT_UCHAR]                                                                  1C959E88
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!KeGetCurrentIrql]                                                                9E880000
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!KfRaiseIrql]                                                                      00001CB1
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!KfLowerIrql]                                                                      0E798366
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!HalGetInterruptVector]                                                            74AAB000
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!HalTranslateBusAddress]                                                          8986C636
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!KeStallExecutionProcessor]                                                        1A00001C
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!KfReleaseSpinLock]                                                                1C8B86C6
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                          C6020000
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!READ_PORT_USHORT]                                                                001C9686
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                        86C60200
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                00001CB2
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[WMILIB.SYS!WmiSystemControl]                                                              8800001C
IAT            \SystemRoot\System32\Drivers\a8gnp6fy.SYS[WMILIB.SYS!WmiCompleteRequest]                                                            001CB99E
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                  [B7EC5B90] spib.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                              8AF901F8
Device          \FileSystem\Fastfat \FatCdrom                                                                                                      89128500
Device          \Driver\sptd \Device\07863192                                                                                                      spib.sys

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                            SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbohci \Device\USBPDO-0                                                                                                    8AD85500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                          8B0081F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                            8B0081F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                8B0081F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                              8B0081F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                    8AD85500
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                    8ADB8500
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                    8AD85500
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                    8AD85500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{83EB6765-5382-4565-BAEB-B26115882A90}                                                            89017500

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbehci \Device\USBPDO-5                                                                                                    8ADB8500
Device          \Driver\usbohci \Device\USBPDO-6                                                                                                    8AD85500
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                              8AF921F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{8859F334-9827-4BD1-80A8-BEC3E41AD09B}                                                            89017500
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                              8AF921F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                        8AE61500
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                              8AF921F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7                                                                                        [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12                                                                                        [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\PCI_PNP6942 \Device\00000066                                                                                                spib.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                            89017500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                    89017500

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                    8AD85500
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                    8AD85500
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                  89121500
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                    8ADB8500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                        89121500
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                    8AD85500
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                    8AD85500
Device          \Driver\Ftdisk \Device\FtControl                                                                                                    8AF921F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                    8ADB8500
Device          \Driver\usbohci \Device\USBFDO-6                                                                                                    8AD85500
Device          \Driver\a8gnp6fy \Device\Scsi\a8gnp6fy1                                                                                            8ACDC500
Device          \FileSystem\Fastfat \Fat                                                                                                            89128500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                              890DB500

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                F:\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                              0x19 0x76 0xDA 0xAB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0x41 0x1F 0xC7 0xDB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                0x8B 0x3C 0xA5 0x36 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                0x8E 0xD7 0x40 0xA9 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    F:\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                  0x19 0x76 0xDA 0xAB ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0xE7 0x0A 0xA6 0x32 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                    0xD7 0xF9 0xB3 0xBE ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    F:\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                  0x19 0x76 0xDA 0xAB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x41 0x1F 0xC7 0xDB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                    0x8B 0x3C 0xA5 0x36 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                    0x8E 0xD7 0x40 0xA9 ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05EAFD30-1597-C47D-8F17-8C462BFAF53A}                   
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05EAFD30-1597-C47D-8F17-8C462BFAF53A}@iajjeleicdcbmalfgc  0x6B 0x61 0x6D 0x61 ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05EAFD30-1597-C47D-8F17-8C462BFAF53A}@hapjcebafhpiaede    0x6B 0x61 0x6D 0x61 ...

---- EOF - GMER 1.0.15 ----

Marco90 14.05.2010 15:16
Hier das Log der Partition E:/

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-14 16:08:46
Windows 5.1.2600 Service Pack 3
Running: n2ws5d6u.exe; Driver: C:\DOKUME~1\marco\LOKALE~1\Temp\pwwyikob.sys


---- System - GMER 1.0.15 ----

SSDT            892EAE40                                                                                                                            ZwAlertResumeThread
SSDT            892EAF00                                                                                                                            ZwAlertThread
SSDT            892EB810                                                                                                                            ZwAllocateVirtualMemory
SSDT            8ACE9EB8                                                                                                                            ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwCreateKey [0xB06F0020]
SSDT            892EABF0                                                                                                                            ZwCreateMutant
SSDT            892EB8E8                                                                                                                            ZwCreateThread
SSDT            892EA9B0                                                                                                                            ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwDeleteKey [0xB06F02A0]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwDeleteValueKey [0xB06F0800]
SSDT            spig.sys                                                                                                                            ZwEnumerateKey [0xB7ECDDA4]
SSDT            spig.sys                                                                                                                            ZwEnumerateValueKey [0xB7ECE132]
SSDT            892EB6F0                                                                                                                            ZwFreeVirtualMemory
SSDT            892EACC0                                                                                                                            ZwImpersonateAnonymousToken
SSDT            892EAD80                                                                                                                            ZwImpersonateThread
SSDT            892EB650                                                                                                                            ZwMapViewOfSection
SSDT            892EAB30                                                                                                                            ZwOpenEvent
SSDT            spig.sys                                                                                                                            ZwOpenKey [0xB7EB50C0]
SSDT            892F65E0                                                                                                                            ZwOpenProcessToken
SSDT            89066358                                                                                                                            ZwOpenSection
SSDT            892EB4E8                                                                                                                            ZwOpenThreadToken
SSDT            spig.sys                                                                                                                            ZwQueryKey [0xB7ECE20A]
SSDT            spig.sys                                                                                                                            ZwQueryValueKey [0xB7ECE08A]
SSDT            892F7220                                                                                                                            ZwResumeThread
SSDT            892EB428                                                                                                                            ZwSetContextThread
SSDT            892EB578                                                                                                                            ZwSetInformationProcess
SSDT            892EB358                                                                                                                            ZwSetInformationThread
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                          ZwSetValueKey [0xB06F0A50]
SSDT            892EAA70                                                                                                                            ZwSuspendProcess
SSDT            892EA008                                                                                                                            ZwSuspendThread
SSDT            892ED058                                                                                                                            ZwTerminateProcess
SSDT            892EB298                                                                                                                            ZwTerminateThread
SSDT            893484F8                                                                                                                            ZwUnmapViewOfSection
SSDT            892EB780                                                                                                                            ZwWriteVirtualMemory

INT 0x62        ?                                                                                                                                  8AF91BF8
INT 0x63        ?                                                                                                                                  8AE5EF00
INT 0x63        ?                                                                                                                                  8AE5EF00
INT 0x63        ?                                                                                                                                  8AE5EF00
INT 0x73        ?                                                                                                                                  8AF91BF8
INT 0x73        ?                                                                                                                                  8AF91BF8
INT 0x82        ?                                                                                                                                  8AF91BF8
INT 0x83        ?                                                                                                                                  8AE5EF00
INT 0x83        ?                                                                                                                                  8AE5EF00
INT 0x83        ?                                                                                                                                  8AE5EF00
INT 0xA4        ?                                                                                                                                  8AE5EF00
INT 0xB4        ?                                                                                                                                  8AE5EF00

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 2CA4                                                                                                80504540 4 Bytes  CALL C6D973FD
.text          ntkrnlpa.exe!ZwCallbackReturn + 2DD4                                                                                                80504670 4 Bytes  CALL 5AD97529
?              spig.sys                                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                            section is writeable [0xB3495360, 0x3D46A5, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                              B34588AC 5 Bytes  JMP 8AE5E4E0
.text          aze8xyy6.SYS                                                                                                                        B32FA386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text          aze8xyy6.SYS                                                                                                                        B32FA3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text          aze8xyy6.SYS                                                                                                                        B32FA3C4 3 Bytes  [00, 80, 02]
.text          aze8xyy6.SYS                                                                                                                        B32FA3C9 1 Byte  [30]
.text          aze8xyy6.SYS                                                                                                                        B32FA3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                                               

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                  [B7EB6042] spig.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                          [B7EB613E] spig.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                [B7EB60C0] spig.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                        [B7EB6800] spig.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                [B7EB66D6] spig.sys
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!KfAcquireSpinLock]                                                                18C4830E
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!READ_PORT_UCHAR]                                                                  1C959E88
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!KeGetCurrentIrql]                                                                9E880000
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!KfRaiseIrql]                                                                      00001CB1
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!KfLowerIrql]                                                                      0E798366
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!HalGetInterruptVector]                                                            74AAB000
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!HalTranslateBusAddress]                                                          8986C636
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!KeStallExecutionProcessor]                                                        1A00001C
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!KfReleaseSpinLock]                                                                1C8B86C6
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                          C6020000
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!READ_PORT_USHORT]                                                                001C9686
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                        86C60200
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                00001CB2
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[WMILIB.SYS!WmiSystemControl]                                                              8800001C
IAT            \SystemRoot\System32\Drivers\aze8xyy6.SYS[WMILIB.SYS!WmiCompleteRequest]                                                            001CB99E
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                  [B7EC5B90] spig.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                              8AF901F8
Device          \FileSystem\Fastfat \FatCdrom                                                                                                      89290500

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                            SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\sptd \Device\2553353752                                                                                                    spig.sys
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                    8AE21500
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                    8AE21500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                          8B0081F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                            8B0081F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                8B0081F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                              8B0081F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                    8ACE8500
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                    8AE21500
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                    8AE21500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{83EB6765-5382-4565-BAEB-B26115882A90}                                                            892FD1F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbehci \Device\USBPDO-5                                                                                                    8ACE8500
Device          \Driver\usbohci \Device\USBPDO-6                                                                                                    8AE21500
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                              8AF921F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{8859F334-9827-4BD1-80A8-BEC3E41AD09B}                                                            892FD1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                              8AF921F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                        8ACD51F8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                              8AF921F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                  [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7                                                                                        [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12                                                                                        [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\PCI_PNP7502 \Device\00000066                                                                                                spig.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                            892FD1F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                    892FD1F8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                    8AE21500
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                    8AE21500
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                  892E8500
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                    8ACE8500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                        892E8500
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                    8AE21500
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                    8AE21500
Device          \Driver\Ftdisk \Device\FtControl                                                                                                    8AF921F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                    8ACE8500
Device          \Driver\usbohci \Device\USBFDO-6                                                                                                    8AE21500
Device          \Driver\aze8xyy6 \Device\Scsi\aze8xyy61                                                                                            8ADC61F8
Device          \FileSystem\Fastfat \Fat                                                                                                            89290500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                              89299500

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                F:\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                              0x19 0x76 0xDA 0xAB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0x41 0x1F 0xC7 0xDB ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                0x8B 0x3C 0xA5 0x36 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                0x8E 0xD7 0x40 0xA9 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    F:\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                  0x19 0x76 0xDA 0xAB ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0xE7 0x0A 0xA6 0x32 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                    0xD7 0xF9 0xB3 0xBE ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    F:\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                  0x19 0x76 0xDA 0xAB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x41 0x1F 0xC7 0xDB ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                    0x8B 0x3C 0xA5 0x36 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                    0x8E 0xD7 0x40 0xA9 ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05EAFD30-1597-C47D-8F17-8C462BFAF53A}                   
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05EAFD30-1597-C47D-8F17-8C462BFAF53A}@iajjeleicdcbmalfgc  0x6B 0x61 0x6D 0x61 ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{05EAFD30-1597-C47D-8F17-8C462BFAF53A}@hapjcebafhpiaede    0x6B 0x61 0x6D 0x61 ...

---- EOF - GMER 1.0.15 ----

StLB 14.05.2010 17:50
Hi,

das ganze ist jetzt knapp nen Monat her, da kann sich viel getan haben auf Deinem System.

Erstell mir bitte ein neues OTL-Logfile und lass noch mal Malwarebytes durchlaufen.

Die GMER-Logs sind imho sauber.

Marco90 14.05.2010 20:42
Das Malwarebytes Log
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4096

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.05.2010 19:38:55
mbam-log-2010-05-13 (19-38-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 439157
Laufzeit: 1 Stunde(n), 35 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL-Log
Code:
OTL logfile created on: 14.05.2010 21:45:51 - Run 2
OTL by OldTimer - Version 3.2.1.2    Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 16,21 Gb Free Space | 33,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,34 Gb Free Space | 61,68% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 169,49 Gb Free Space | 62,67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - F:\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - F:\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - F:\hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Rainlendar2\Rainlendar2.exe ()
PRC - F:\Winamp\winamp.exe (Nullsoft)
PRC - C:\Programme\Vtune\TBPANEL.exe ()
PRC - F:\Nettalk6\Nettalk.exe (Nicolas Kruse)
PRC - C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Symantec Core LC) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Hamachi2Svc) -- F:\hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LiveUpdate Notice) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (comHost) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100514.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100514.005\NAVENG.SYS (Symantec Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SYMIDSCO) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ipsdefs\20100510.001\SymIDSCo.sys (Symantec Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (fwlanusbn) -- C:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (TBPanel) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: firefoxstats@matthew.hambly:1.2.2n
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks_remote_dns: true
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 00:20:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.24 13:42:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 20:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.24 13:40:23 | 000,000,000 | ---D | M]
 
[2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions
[2009.12.22 17:28:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.05.14 19:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions
[2009.11.02 21:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.05 16:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009.10.30 21:52:33 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.04.30 16:37:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\battlefieldheroespatcher@ea.com
[2010.03.19 19:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefox@tvunetworks.com
[2009.12.19 19:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\firefoxstats@matthew.hambly
[2010.02.18 23:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\Mozilla\Firefox\Profiles\fsi8u378.default\extensions\toolbar@ask.com
[2010.05.13 19:28:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.24 13:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.17 10:14:14 | 000,000,853 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1                                activate.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Gemeinsame Dateien\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Programme\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Rainlendar2] F:\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\Nettalk.lnk = F:\Nettalk6\Nettalk.exe (Nicolas Kruse)
O4 - Startup: C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\TimeLeft.lnk = F:\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.30 19:20:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.11.14 21:00:43 | 000,000,000 | ---D | M] - F:\Autoupdate -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.14 16:13:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.05.10 17:43:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\NesterSoft
[2010.05.09 20:17:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\marxio-tools
[2010.05.09 20:17:45 | 000,000,000 | ---D | C] -- C:\Programme\Marxio Timer
[2010.05.02 22:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\StarCraft II Beta
[2010.05.02 22:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\Blizzard Entertainment
[2010.05.02 22:11:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
[2010.05.02 22:11:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard
[2010.05.02 19:37:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
[2010.05.02 16:59:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\Procaster
[2010.05.02 16:59:46 | 000,000,000 | ---D | C] -- C:\Programme\Livestream Procaster
[2010.05.01 20:11:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.04.27 19:52:51 | 000,000,000 | ---D | C] -- C:\Programme\VDMSound
[2010.04.27 19:45:50 | 000,000,000 | ---D | C] -- C:\spiele
[2010.04.27 18:29:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DOSBox
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010.04.25 13:13:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\DISCOSCHLAMPEN
[2010.04.24 13:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.04.24 13:42:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.04.24 13:42:34 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.24 13:42:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.24 13:42:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.24 13:42:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.20 13:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2010.04.19 16:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.04.18 11:25:25 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe
[2010.01.02 18:05:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.12.31 16:06:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.sys
[2009.11.08 18:59:25 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2009.10.30 19:22:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2009.10.30 19:20:33 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2005.06.18 08:04:56 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.14 21:01:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.05.14 16:12:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.14 16:12:20 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.CDF
[2010.05.14 16:12:01 | 000,235,380 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.05.14 16:11:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.14 16:11:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.14 15:21:05 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\n2ws5d6u.exe
[2010.05.14 13:52:59 | 004,959,414 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000007-00001102-00000008-10211102}.BAK
[2010.05.14 05:39:31 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.05.14 05:39:31 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.05.14 05:39:31 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.05.14 05:39:31 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.05.14 05:39:31 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000007-00001102-00000008-10211102}.rfx
[2010.05.14 05:39:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.05.14 05:39:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.05.14 05:39:16 | 009,699,328 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT
[2010.05.14 05:39:16 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini
[2010.05.13 02:03:36 | 002,117,298 | -H-- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.05.12 14:11:10 | 004,955,786 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\F.R. - Exzess all areas (upload by. CoolWhite).mp3
[2010.05.12 14:05:06 | 000,221,824 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02063.JPG
[2010.05.12 14:04:12 | 000,378,099 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02059.JPG
[2010.05.10 20:00:07 | 000,000,672 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - marco.job
[2010.05.10 17:43:37 | 000,000,474 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\TimeLeft.lnk
[2010.05.10 17:43:37 | 000,000,448 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\TimeLeft.lnk
[2010.05.10 17:40:24 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II Beta.lnk
[2010.05.09 20:24:40 | 000,006,713 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.mp3
[2010.05.09 20:22:11 | 000,264,658 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.wav
[2010.05.09 20:17:45 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\Marxio Timer.lnk
[2010.05.02 16:59:47 | 000,000,752 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Livestream Procaster.lnk
[2010.05.01 20:13:16 | 000,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.30 17:07:38 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.04.30 17:07:26 | 000,215,016 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.04.30 16:50:53 | 000,138,056 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\PnkBstrK.sys
[2010.04.30 16:50:34 | 002,427,248 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 18:28:49 | 000,000,530 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DOSBox 0.73.lnk
[2010.04.27 16:10:32 | 000,000,463 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010.04.24 13:40:23 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.23 19:30:48 | 000,000,499 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play Battle Dex.lnk
[2010.04.22 09:14:29 | 000,046,080 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc
[2010.04.22 09:12:51 | 000,168,960 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Der Rationalismus.ppt
[2010.04.20 12:26:41 | 000,000,473 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Desktop\GT Legends Demo.lnk
[2010.04.18 15:48:13 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010.04.18 11:25:26 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\marco\Desktop\OTL.exe
[2010.04.17 22:22:01 | 000,050,688 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.17 21:56:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.15 19:32:23 | 000,027,136 | ---- | M] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.14 15:21:05 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\n2ws5d6u.exe
[2010.05.12 14:11:03 | 004,955,786 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\F.R. - Exzess all areas (upload by. CoolWhite).mp3
[2010.05.12 13:54:29 | 000,221,824 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02063.JPG
[2010.05.12 13:54:28 | 000,378,099 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\DSC02059.JPG
[2010.05.10 17:43:37 | 000,000,474 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Startmenü\Programme\Autostart\TimeLeft.lnk
[2010.05.10 17:43:37 | 000,000,448 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\TimeLeft.lnk
[2010.05.09 20:24:38 | 000,006,713 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.mp3
[2010.05.09 20:22:11 | 000,264,658 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\probe.wav
[2010.05.09 20:17:45 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\Marxio Timer.lnk
[2010.05.02 22:11:39 | 000,000,596 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II Beta.lnk
[2010.05.02 16:59:47 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Livestream Procaster.lnk
[2010.04.27 18:28:49 | 000,000,530 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DOSBox 0.73.lnk
[2010.04.23 19:28:28 | 000,000,499 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\Play Battle Dex.lnk
[2010.04.22 09:05:05 | 000,168,960 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Der Rationalismus.ppt
[2010.04.20 12:24:09 | 000,000,473 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Desktop\GT Legends Demo.lnk
[2010.04.18 15:48:13 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2010.04.18 12:26:49 | 000,046,080 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\Rationalismus.doc
[2010.04.15 19:32:23 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Eigene Dateien\3.doc
[2010.03.16 21:05:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\chrtmp
[2010.03.15 02:27:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.03.01 22:28:26 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\prospeed_bmp2jpg.dll
[2010.02.27 02:35:09 | 000,510,888 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.22 20:19:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\ROCSETUP.INI
[2010.02.21 22:29:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\PROFED32.INI
[2010.02.02 16:18:17 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid664.log
[2010.02.02 16:15:07 | 000,010,650 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3696.log
[2010.02.02 16:03:42 | 000,010,708 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\hs_err_pid3040.log
[2010.01.04 21:38:45 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.04 21:38:45 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\PnkBstrK.sys
[2009.12.31 16:07:22 | 000,001,041 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\vso_ts_preview.xml
[2009.12.31 16:06:21 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.log
[2009.12.31 16:06:12 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\inst.exe
[2009.12.31 16:06:12 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.cat
[2009.12.31 16:06:12 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Anwendungsdaten\pcouffin.inf
[2009.12.28 18:31:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.07 17:28:53 | 000,010,794 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.11.05 20:24:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.11.01 03:46:02 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\marco\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.31 22:33:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.30 22:27:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.30 21:10:16 | 000,046,593 | R--- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2009.10.30 21:10:16 | 000,000,193 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.10.30 20:23:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.30 20:23:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.30 19:25:12 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.dat.LOG
[2009.10.30 19:25:12 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\marco\ntuser.ini
[2009.10.30 19:25:11 | 009,699,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\marco\NTUSER.DAT
[2009.06.10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005.07.11 06:44:12 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005.06.07 15:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003.03.21 11:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:888AFB86
< End of report >
Das OTL Extra-Log
Code:
OTL Extras logfile created on: 14.05.2010 21:45:51 - Run 2
OTL by OldTimer - Version 3.2.1.2    Folder = C:\Dokumente und Einstellungen\marco\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 16,21 Gb Free Space | 33,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 90,34 Gb Free Space | 61,68% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 169,49 Gb Free Space | 62,67% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARCO-ED193E38F
Current User Name: marco
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Football2009\fm.exe" = F:\Football2009\fm.exe:*:Enabled:Football Manager 2010 Demo -- (Sports Interactive)
"F:\Footman10\fm.exe" = F:\Footman10\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"F:\Steam\Steam.exe" = F:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\League of Legends\Air\LolClient.exe" = F:\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"F:\League of Legends\Game\League of Legends.exe" = F:\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"F:\Dirt2\dirt2.exe" = F:\Dirt2\dirt2.exe:*:Enabled:DiRT2 Demo -- (Codemasters)
"F:\Dirt 2\dirt2_game.exe" = F:\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2 -- (Codemasters)
"F:\LimeWire\LimeWire.exe" = F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 -- (Take-Two Interactive Software)
"F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe" = F:\bioshock2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer -- (2K Games)
"F:\itunes\iTunes.exe" = F:\itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- File not found
"F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = F:\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"F:\Allods\Allods Online\bin\Launcher.exe" = F:\Allods\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"F:\Allods\Allods Online\bin\AOgame.exe" = F:\Allods\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"F:\Steam\steamapps\steamid0078\counter-strike\hl.exe" = F:\Steam\steamapps\steamid0078\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{458207CA-1B0C-4A35-AEDF-9C9D5B0579C5}" = Livestream Procaster
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{626C32A3-0F0F-41B3-9F53-75E16B2D8925}" = SymNet
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF03295-1921-4732-B69B-AF6ED0971A8B}_is1" = GT Legends Demo
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8610FF9A-8FEE-4509-ADCD-AF68157B562A}" = Symantec Real Time Storage Protection Component
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90B73122-6D92-44D2-BBD4-811F98DA88B1}" = Team Players Corvette C6R
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}" = Sound Blaster Audigy 4
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B754B466-11CA-43C0-A168-6553B5C9AD4A}" = BobsTrackBuilderEvo
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E5}" = Need for Speed™ SHIFT Demo
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF0BC679-A503-43AF-9104-E8842999955E}_is1" = CTDP's ChampionShipManager NX 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C85A83-296E-4813-86A6-DA8DA6A92D6D}" = Left 4 Dead 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB75FFBB-67AA-4AF5-840C-B60D76720AC1}" = MoTeC i2 Pro
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF481D3E-FF15-4EE7-B36B-53C9E4021E8B}" = TMPGEnc 4.0 XPress Testversion
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{ECDF8120-703D-4A96-B36C-A565419B3900}" = BobsTrackBuilder
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AMIP" = AMIP (remove only)
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD 2.02
"Ashampoo ClipFinder_is1" = Ashampoo ClipFinder 1.55
"AstrumNival Allods" = Allods Online 1.0.05.41
"Audacity_is1" = Audacity 1.2.6
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"AVMWLANCLI" = AVM FRITZ!WLAN
"CamStudio" = CamStudio
"cdrtools Frontend_is1" = cdrtfe 1.3.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ESL Wire_is1" = ESL Wire 1.3
"F1 DLM 2009 Trackpack" = F1 DLM 2009 Trackpack
"F1 Official Team Manager" = F1 Official Team Manager
"Football Manager 2010" = Football Manager 2010
"Football Manager 2010 Demo" = Football Manager 2010 Demo
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FTP Commander" = FTP Commander
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.7
"League of Legends_is1" = League of Legends
"LimeWire" = LimeWire 5.4.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marxio Timer_is1" = Marxio Timer 1.11
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MMJ-Quellcodesammlung_is1" = MMJ-Quellcodesammlung
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mumble" = Mumble and Murmur
"Need For Speed SHIFT_is1" = Need For Speed SHIFT
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nettalk_is1" = Nettalk 6.6
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PKR" = PKR
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"Rainlendar2" = Rainlendar2 (remove only)
"Real-Time Racing_is1" = Real-Time Racing
"rF Tv Style_is1" = Tv Style Beta 0.9
"rFactor" = rFactor (remove only)
"Runic Games Torchlight" = Torchlight
"SopCast" = SopCast 3.2.4
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Steam App 33310" = R.U.S.E. Beta
"Steam App 8600" = RACE 07
"Steam App 8640" = RACE On
"Steam App 8760" = RACE On - DEMO
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TIMELEFT3_is1" = TimeLeft
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"VentriloMIX" = VentriloMIX
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vtune_is1" = Vtune 7.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.9.1 (unicode) for Python 2.6
"XProfan-Lehrbuch_is1" = XProfan-Lehrbuch
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (marco)
"GeoGebra" = GeoGebra
"Grand Prix 1979 for Rfactor v2.0" = Grand Prix 1979 for Rfactor v2.0
"MOD F1RL09 FINAL VERSION" = MOD F1RL09 FINAL VERSION
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.05.2010 02:05:18 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.05.2010 02:05:18 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.05.2010 02:05:18 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.05.2010 02:05:26 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.05.2010 02:05:27 | Computer Name = MARCO-ED193E38F | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 13.05.2010 13:51:52 | Computer Name = MARCO-ED193E38F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rfactor.exe, Version 1.2.5.5, fehlgeschlagenes
 Modul d3d9.dll, Version 5.3.2600.5512, Fehleradresse 0x00041b0c.
 
Error - 13.05.2010 14:15:04 | Computer Name = MARCO-ED193E38F | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Informationsebene: error  Initialisierung des COM-Subsystems ist fehlgeschlagen.
 Fehlercode: 0x8007041D.
 
Error - 14.05.2010 09:48:51 | Computer Name = MARCO-ED193E38F | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der Remoteprozeduraufruf ist fehlgeschlagen und wurde nicht ausgeführt. ). Die
 Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
 
Error - 14.05.2010 09:51:31 | Computer Name = MARCO-ED193E38F | Source = Userenv | ID = 1007
Description = Die Ermittlung des zugewiesenen Standorts dieses Computer ist fehlgeschlagen.
 (Der RPC-Server ist für diesen Vorgang zu stark ausgelastet. ). Die Verarbeitung
 der Gruppenrichtlinie wurde abgebrochen.
 
Error - 14.05.2010 10:09:25 | Computer Name = MARCO-ED193E38F | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Informationsebene: error  Initialisierung des COM-Subsystems ist fehlgeschlagen.
 Fehlercode: 0x8007041D.
 
[ System Events ]
Error - 14.05.2010 06:00:02 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrB" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 14.05.2010 06:00:07 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 14.05.2010 06:00:20 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 14.05.2010 06:02:03 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 14.05.2010 06:02:24 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
 
Error - 14.05.2010 06:08:53 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cardex" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 14.05.2010 09:23:13 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 14.05.2010 09:23:24 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 14.05.2010 10:09:25 | Computer Name = MARCO-ED193E38F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "LiveUpdate"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {03E0E6C2-363B-11D3-B536-00902771A435}
 
Error - 14.05.2010 10:09:25 | Computer Name = MARCO-ED193E38F | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst LiveUpdate.
 
 
< End of report >
hf :)

StLB 14.05.2010 22:11
Wie zuvor: aus den OTL-Logs ist nichts ersichtlich, was auf bösartige Software hindeutet.

Scanne Deinen PC bitte mal mit SUPERAntispyware - vielleicht findet das noch was.

Marco90 14.05.2010 23:20
Werd ich machen, das Log von GMER in Bezug auf meine komplette Windows Partition steht noch aus, aber das werd ich morgen nachholen.

Marco90 15.05.2010 01:48
Zitat:
Zitat von Marco90 (Beitrag 525968)
Werd ich machen, das Log von GMER in Bezug auf meine komplette Windows Partition steht noch aus, aber das werd ich morgen nachholen.
Das SUPERAntiSpyware Log

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/15/2010 at 02:46 AM

Application Version : 4.37.1000

Core Rules Database Version : 4936
Trace Rules Database Version: 2748

Scan type      : Complete Scan
Total Scan Time : 02:18:42

Memory items scanned      : 714
Memory threats detected  : 0
Registry items scanned    : 5933
Registry threats detected : 0
File items scanned        : 373776
File threats detected    : 22

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\marco\Cookies\marco@webmasterplan[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@doubleclick[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@a7.adserver01[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@atdmt[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@serving-sys[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@tradedoubler[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@adbrite[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@msnportal.112.2o7[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@content.yieldmanager[3].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@traffictrack[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@toplist[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@toplist[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@content.yieldmanager[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@bs.serving-sys[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@adtech[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@ad.zanox[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@zanox[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@ad.yieldmanager[2].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@adply.plymedia[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@tto2.traffictrack[1].txt
        C:\Dokumente und Einstellungen\marco\Cookies\marco@www.active-tracking[1].txt

Adware.Vundo/Variant-X32[Header]
        F:\XPROFAN8\RES\LEER32.DLL


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19