Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Malware gefunden und entfernt - Sicherheitscenter deaktiviert sich automatisch (https://www.trojaner-board.de/95236-malware-gefunden-entfernt-sicherheitscenter-deaktiviert-automatisch.html)

renfield 31.01.2011 00:38
Malware gefunden und entfernt - Sicherheitscenter deaktiviert sich automatisch
 
Hallo Ihr lieben, habe mir heute (gestern) glaube ich einen Virus (Trojaner) eingefangen. Habe avast! Antivirus - der hat sich aber nicht gemeldet.

Habe das System mit Spybot geprüft - 3 Fehler gefunden und bereinigt,
dann habe ich Malwarebytes laufen lassen, da wurden ebenfalls 3 Probleme erkannt und bereinigt - ein zweiter scan hat nichts mehr gefunden.

was mir mehr als seltsam vorkommt, ist die Meldung des Systems, dass das Sicherheitscenter deaktiviert ist. Auch wenn ich es in den Diensten wieder aktiviere und starte, ist nach ca. 1 Minute das Sicherheitscenter wieder deaktiviert.

Ich habe dann noch mit OTL gescannt.

Ich hänge die Logfiles an und danke schon jetzt für Eure Hilfe.

cosinus 31.01.2011 12:24
Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

renfield 31.01.2011 23:36
hallo arne,
hab jetzt einen vollständigen suchlauf gemacht und hänge die log-datei an.

habe auch noch die logdatei vom spybot gefunden, wo die funde namentlich angeführt sind.
herzlichen dank vorweg

cosinus 01.02.2011 10:13
Zitat:
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
Ist das ein Büro- bzw. beruflich genutzer PC?
CS5 ist fü den rein privaten Einsatz zu teuer oder haste zuviel Geld? :pfeiff:

renfield 01.02.2011 10:41
braucht meine tochter fürs studium - is sozusagen eine investition in die zukunft

cosinus 01.02.2011 13:18
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [SystemExplorer]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.06.27 10:12:50 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.09.04 12:08:14 | 000,000,183 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5d76299c-3cee-11df-bbc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5d76299c-3cee-11df-bbc2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{73f54562-d0a0-11de-95bb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{73f54562-d0a0-11de-95bb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\cbs.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
[2011.01.30 17:17:49 | 000,135,168 | RHS- | M] () -- C:\Windows\System32\winrsa.dll
[2011.01.21 22:14:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
@Alternate Data Stream - 143 bytes -> C:\Users\Thomas\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:661DFA1C
:Files
C:\Windows\tasks\*.job
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

renfield 01.02.2011 17:19
Hallo Arne,
danke für die Hilfe.
Nachstehend die log-Datei
(kann allerdings das Windows Sicherheitscenter noch immer nicht aktivieren)

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
J:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d76299c-3cee-11df-bbc2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d76299c-3cee-11df-bbc2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d76299c-3cee-11df-bbc2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d76299c-3cee-11df-bbc2-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f54562-d0a0-11de-95bb-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73f54562-d0a0-11de-95bb-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f54562-d0a0-11de-95bb-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73f54562-d0a0-11de-95bb-806e6f6e6963}\ not found.
File E:\0data\cbs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
C:\Windows\System32\winrsa.dll moved successfully.
C:\Windows\System32\config.nt moved successfully.
ADS C:\Users\Thomas\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:661DFA1C deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\NEGMIOYZTB.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Christiane
->Temp folder emptied: 34060 bytes
->Temporary Internet Files folder emptied: 38443 bytes
->Flash cache emptied: 56586 bytes
 
User: Christoph
->Temp folder emptied: 2357635233 bytes
->Temporary Internet Files folder emptied: 63125861 bytes
->Java cache emptied: 11489812 bytes
->FireFox cache emptied: 112509680 bytes
->Flash cache emptied: 397895 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56586 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Public
 
User: Thomas
->Temp folder emptied: 77457894 bytes
->Temporary Internet Files folder emptied: 23104956 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80654798 bytes
->Google Chrome cache emptied: 6580745 bytes
->Flash cache emptied: 65954 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13422 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.609,00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02012011_170741

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 01.02.2011 19:01
Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

renfield 01.02.2011 22:39
beiliegend die zip-datei

edit: habs falsch gemacht - datei is jetzt im Upload Channel

cosinus 01.02.2011 23:08
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

renfield 02.02.2011 00:03
alles durchgeführt, nachstehend die log-datei
(Avast hab ich noch vor start in den diensten beenden können - ist also nicht im hintergrund gelaufen)

Combofix Logfile:
Code:
ComboFix 11-01-31.02 - Thomas 01.02.2011  23:38:19.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.43.1031.18.3327.2014 [GMT 1:00]
ausgeführt von:: c:\users\Thomas\Desktop\cofi.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Thomas\AppData\Roaming\.#
c:\users\Thomas\AppData\Roaming\inst.exe
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Cookies\index (1).dat
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Recent\Desktop (1).ini
c:\windows\install.exe
c:\windows\system32\zip32.dll
J:\install.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2011-01-01 bis 2011-02-01  ))))))))))))))))))))))))))))))
.

2011-02-01 16:07 . 2011-02-01 21:38        --------        d-----w-        C:\_OTL
2011-01-31 19:00 . 2011-01-31 19:00        --------        d-----w-        c:\program files\Sophos
2011-01-31 14:41 . 2011-02-01 15:28        --------        d-----w-        c:\users\Christoph\AppData\Roaming\Spyware Terminator
2011-01-30 22:58 . 2011-02-01 22:24        --------        d-----w-        c:\program files\Crawler
2011-01-30 22:32 . 2011-01-30 22:32        142592        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-30 22:32 . 2011-02-01 22:13        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Spyware Terminator
2011-01-30 22:32 . 2011-02-01 15:29        --------        d-----w-        c:\programdata\Spyware Terminator
2011-01-30 22:32 . 2011-02-01 15:28        --------        d-----w-        c:\program files\Spyware Terminator
2011-01-30 22:20 . 2011-01-30 22:20        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Malwarebytes
2011-01-30 22:20 . 2011-01-30 22:20        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-30 22:20 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 22:20 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-30 15:53 . 2011-01-30 15:53        --------        d-----w-        c:\users\Christiane
2011-01-23 21:03 . 2007-05-14 22:33        962560        ----a-w-        c:\windows\system32\advdaudio.ocx
2011-01-23 21:03 . 2006-05-21 14:15        966144        ----a-w-        c:\windows\system32\NCTAudioInformation2.dll
2011-01-23 21:03 . 2006-05-21 14:15        877568        ----a-w-        c:\windows\system32\NCTAudioFile2.dll
2011-01-23 21:03 . 2006-05-21 14:15        634880        ----a-w-        c:\windows\system32\NCTAudioEditor2.dll
2011-01-23 21:03 . 2006-05-21 14:15        522752        ----a-w-        c:\windows\system32\NCTAudioTransform2.dll
2011-01-23 21:03 . 2006-05-21 14:15        467968        ----a-w-        c:\windows\system32\NCTAudioRecord2.dll
2011-01-23 21:03 . 2006-05-21 14:15        467456        ----a-w-        c:\windows\system32\NCTAudioPlayer2.dll
2011-01-23 21:03 . 2006-05-21 14:15        237568        ----a-w-        c:\windows\system32\lame_enc.dll
2011-01-23 21:03 . 2004-07-14 12:44        23040        ----a-w-        c:\windows\system32\auth.dll
2011-01-23 21:03 . 2002-05-23 19:40        110080        ----a-w-        c:\windows\system32\advd.dll
2011-01-23 21:02 . 2011-01-23 21:14        --------        d-----w-        c:\users\Thomas\AppData\Roaming\concept design
2011-01-23 21:02 . 2008-06-19 13:43        413696        ----a-w-        c:\windows\system32\flvsplitter.ax
2011-01-21 15:18 . 2011-01-21 15:18        --------        d-----w-        c:\program files\Common Files\PCSuite
2011-01-18 17:08 . 2011-01-08 03:27        941160        ----a-w-        c:\windows\system32\nvdispco322090.dll
2011-01-18 17:08 . 2011-01-08 03:27        837736        ----a-w-        c:\windows\system32\nvgenco322040.dll
2011-01-18 17:08 . 2011-01-08 03:27        57960        ----a-w-        c:\windows\system32\OpenCL.dll
2011-01-18 17:08 . 2011-01-08 03:27        4941928        ----a-w-        c:\windows\system32\nvcuda.dll
2011-01-18 17:08 . 2011-01-08 03:27        2895976        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-01-18 17:08 . 2011-01-08 03:27        2251368        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-01-18 17:08 . 2011-01-08 03:27        15047272        ----a-w-        c:\windows\system32\nvoglv32.dll
2011-01-18 17:08 . 2011-01-08 03:27        13011560        ----a-w-        c:\windows\system32\nvcompiler.dll
2011-01-18 17:08 . 2011-01-08 03:27        10467656        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2011-01-17 16:58 . 2011-01-17 16:58        --------        d-----w-        c:\programdata\ZoomBrowser
2011-01-17 16:46 . 2011-01-17 16:46        --------        d-----w-        c:\program files\iPod
2011-01-17 16:46 . 2011-01-17 16:47        --------        d-----w-        c:\program files\iTunes
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-01-17 16:44 . 2011-01-17 16:44        --------        d-----w-        c:\program files\QuickTime
2011-01-15 20:46 . 2011-01-15 20:46        218176        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-15 20:45 . 2011-01-15 20:48        --------        d-----w-        c:\program files\DAEMON Tools Lite
2011-01-11 22:31 . 2011-01-11 22:31        --------        d-----w-        c:\users\Thomas\AppData\Roaming\.kde
2011-01-11 22:05 . 2011-01-11 22:05        --------        d-----w-        c:\users\Thomas\AppData\Roaming\KDE
2011-01-11 22:04 . 2011-01-11 22:04        --------        d-----w-        c:\program files\KDE
2011-01-08 18:37 . 2011-01-08 18:37        --------        d-----w-        c:\program files\Windows Media Components
2011-01-07 20:06 . 2011-01-07 20:06        580200        ----a-w-        c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06        3597416        ----a-w-        c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06        2620520        ----a-w-        c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06        608872        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06        2558568        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06        111208        ----a-w-        c:\windows\system32\nvmctray.dll
2011-01-04 20:27 . 2011-01-04 20:27        --------        d-----w-        c:\windows\system32\RTCOM
2011-01-04 17:14 . 2011-01-06 19:09        --------        d-----w-        c:\users\Thomas\AppData\Roaming\DVDVideoSoft

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-07-25 17:03        188216        ----a-w-        c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-25 17:04        294608        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-25 17:04        47440        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-25 17:04        23632        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-25 17:03        51280        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-25 17:04        17744        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 03:27 . 2011-01-18 17:08        10920        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-01-20 17:21        5653096        ----a-w-        c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2010-01-20 17:21        10078312        ----a-w-        c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-01-20 17:21        1965672        ----a-w-        c:\windows\system32\nvapi.dll
2011-01-02 09:26 . 2011-01-02 09:26        176488        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-31 20:06 . 2010-07-25 17:03        38848        ----a-w-        c:\windows\avastSS.scr
2010-12-15 15:52 . 2007-10-25 16:26        5632        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2010-12-01 19:10 . 2010-09-27 15:05        11232        ----a-w-        c:\windows\system32\drivers\SWDUMon.sys
2010-11-29 16:38 . 2010-11-29 16:38        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2010-11-28 09:55 . 2010-11-28 09:55        29696        ----a-w-        c:\windows\mickey32.dll
2010-11-28 09:55 . 2010-11-28 09:55        184912        ----a-w-        c:\windows\Install.scr
2010-11-24 19:44 . 2010-04-23 13:18        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2010-11-13 21:54 . 2010-11-13 21:30        7818        ----a-w-        c:\windows\system32\ealregsnapshot1.reg
2010-11-13 17:47 . 2010-11-13 17:47        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-11-04 05:52 . 2010-12-15 14:38        978944        ----a-w-        c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 14:38        44544        ----a-w-        c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 14:38        386048        ----a-w-        c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 14:38        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF255C7-8742-4B96-8971-1268EEE04974}]
2010-11-12 16:32        1368480        ----a-w-        c:\program files\Online Games Downloader\SWFCatcher.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-30 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"GrooveMonitor"="m:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-30 2216960]

c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
JDownloader.lnk - c:\program files\JDownloader\JDownloader.exe [2010-4-24 214528]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-2-1 1512448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
desktop (1).ini [2007-12-11 84]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-03-03 16:13        3320768        ----a-w-        c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52        1234216        ----a-w-        c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

R0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2008-11-12 12288]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328]
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3582.tmp [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2010-04-08 51200]
R3 oflpydin;oflpydin;c:\users\CHRIST~1\AppData\Local\Temp\oflpydin.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2010-12-01 11232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-10-12 155688]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-13 691696]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-15 218176]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-07-16 19064]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-01-30 142592]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-09-30 196912]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ipripsvc        REG_MULTI_SZ          iprip
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Crawler Search - tbr:iemenu
IE: Free YouTube Download - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - m:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %windir%\system32\wlsppc.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fak811ff.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2649914&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://nox.to/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2649914&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: German Dictionary, extended for Austria: de-AT@dictionaries.addons.mozilla.org - %profile%\extensions\de-AT@dictionaries.addons.mozilla.org
FF - Ext: FireNes: firenes@facundo.zaldo - %profile%\extensions\firenes@facundo.zaldo
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: Tabberwocky: tabberwocky@studio17.wordpress.com - %profile%\extensions\tabberwocky@studio17.wordpress.com
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Tinseltown: {285da7e0-729d-11db-9fe1-0800200c9a66} - %profile%\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
FF - Ext: Abaca classic: {3713a489-0634-4472-8456-dc7abd7eba00} - %profile%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
FF - Ext: Update Notifier [de]: {95f24680-9e31-11da-a746-0800200c9a66} - %profile%\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: Nightly Tester Tools: {8620c15f-30dc-4dba-a131-7c5d20cf4a29} - %profile%\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Strata40: Strata40@SpewBoy.au - %profile%\extensions\Strata40@SpewBoy.au
FF - Ext: Free Hide IP: support@free-hideip.com - %profile%\extensions\support@free-hideip.com
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Options Fx4 theme: fx4options@skorek.com - %profile%\extensions\fx4options@skorek.com
FF - Ext: Fx4: fx4theme@skorek.com - %profile%\extensions\fx4theme@skorek.com
FF - Ext: QualysBrowserCheck: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - %profile%\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - Ext: CHIP.de Toolbar: {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - %profile%\extensions\{a8ec1669-14c8-4382-bb8d-c53f91648e0a}
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - user.js: browser.link.open_external - 1
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.word_select.eat_space_to_next_word - false
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3582.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3663185479-124237283-3972810860-1001\Software\SecuROM\License information*]
"datasecu"=hex:e9,10,ad,1b,93,da,98,68,20,49,a7,6f,2a,11,8d,f8,20,b3,9d,db,72,
  a2,bf,fd,48,b9,99,52,7d,80,fd,20,db,f4,e3,e0,de,c1,e5,41,2f,a0,9e,be,df,19,\
"rkeysecu"=hex:6d,9c,0c,ee,22,aa,9a,63,a7,ad,16,9b,3f,6f,78,bd

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-02-01  23:53:56
ComboFix-quarantined-files.txt  2011-02-01 22:53

Vor Suchlauf: 25 Verzeichnis(se), 16.493.928.448 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 16.448.192.512 Bytes frei

- - End Of File - - 51C2344A759D5F7051D5540950AF8F8E
--- --- ---

cosinus 02.02.2011 00:14
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Driver::
oflpydin

File::
c:\users\CHRIST~1\AppData\Local\Temp\oflpydin.sys
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

renfield 02.02.2011 00:48
log-datei nach neustart:

Combofix Logfile:
Code:
ComboFix 11-01-31.02 - Thomas 02.02.2011  0:21.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.43.1031.18.3327.2093 [GMT 1:00]
ausgeführt von:: c:\users\Thomas\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Thomas\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\CHRIST~1\AppData\Local\Temp\oflpydin.sys"
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFLPYDIN
-------\Service_oflpydin


(((((((((((((((((((((((  Dateien erstellt von 2011-01-01 bis 2011-02-01  ))))))))))))))))))))))))))))))
.

2011-02-01 23:35 . 2011-02-01 23:35        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-01 23:35 . 2011-02-01 23:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-02-01 23:35 . 2011-02-01 23:35        --------        d-----w-        c:\users\Christoph\AppData\Local\temp
2011-02-01 16:07 . 2011-02-01 21:38        --------        d-----w-        C:\_OTL
2011-01-31 19:00 . 2011-01-31 19:00        --------        d-----w-        c:\program files\Sophos
2011-01-31 14:41 . 2011-02-01 15:28        --------        d-----w-        c:\users\Christoph\AppData\Roaming\Spyware Terminator
2011-01-30 22:58 . 2011-02-01 23:14        --------        d-----w-        c:\program files\Crawler
2011-01-30 22:32 . 2011-01-30 22:32        142592        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-30 22:32 . 2011-02-01 22:13        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Spyware Terminator
2011-01-30 22:32 . 2011-02-01 15:29        --------        d-----w-        c:\programdata\Spyware Terminator
2011-01-30 22:32 . 2011-02-01 15:28        --------        d-----w-        c:\program files\Spyware Terminator
2011-01-30 22:20 . 2011-01-30 22:20        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Malwarebytes
2011-01-30 22:20 . 2011-01-30 22:20        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-30 22:20 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 22:20 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-30 15:53 . 2011-01-30 15:53        --------        d-----w-        c:\users\Christiane
2011-01-23 21:03 . 2007-05-14 22:33        962560        ----a-w-        c:\windows\system32\advdaudio.ocx
2011-01-23 21:03 . 2006-05-21 14:15        966144        ----a-w-        c:\windows\system32\NCTAudioInformation2.dll
2011-01-23 21:03 . 2006-05-21 14:15        877568        ----a-w-        c:\windows\system32\NCTAudioFile2.dll
2011-01-23 21:03 . 2006-05-21 14:15        634880        ----a-w-        c:\windows\system32\NCTAudioEditor2.dll
2011-01-23 21:03 . 2006-05-21 14:15        522752        ----a-w-        c:\windows\system32\NCTAudioTransform2.dll
2011-01-23 21:03 . 2006-05-21 14:15        467968        ----a-w-        c:\windows\system32\NCTAudioRecord2.dll
2011-01-23 21:03 . 2006-05-21 14:15        467456        ----a-w-        c:\windows\system32\NCTAudioPlayer2.dll
2011-01-23 21:03 . 2006-05-21 14:15        237568        ----a-w-        c:\windows\system32\lame_enc.dll
2011-01-23 21:03 . 2004-07-14 12:44        23040        ----a-w-        c:\windows\system32\auth.dll
2011-01-23 21:03 . 2002-05-23 19:40        110080        ----a-w-        c:\windows\system32\advd.dll
2011-01-23 21:02 . 2011-01-23 21:14        --------        d-----w-        c:\users\Thomas\AppData\Roaming\concept design
2011-01-23 21:02 . 2008-06-19 13:43        413696        ----a-w-        c:\windows\system32\flvsplitter.ax
2011-01-21 15:18 . 2011-01-21 15:18        --------        d-----w-        c:\program files\Common Files\PCSuite
2011-01-18 17:08 . 2011-01-08 03:27        941160        ----a-w-        c:\windows\system32\nvdispco322090.dll
2011-01-18 17:08 . 2011-01-08 03:27        837736        ----a-w-        c:\windows\system32\nvgenco322040.dll
2011-01-18 17:08 . 2011-01-08 03:27        57960        ----a-w-        c:\windows\system32\OpenCL.dll
2011-01-18 17:08 . 2011-01-08 03:27        4941928        ----a-w-        c:\windows\system32\nvcuda.dll
2011-01-18 17:08 . 2011-01-08 03:27        2895976        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-01-18 17:08 . 2011-01-08 03:27        2251368        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-01-18 17:08 . 2011-01-08 03:27        15047272        ----a-w-        c:\windows\system32\nvoglv32.dll
2011-01-18 17:08 . 2011-01-08 03:27        13011560        ----a-w-        c:\windows\system32\nvcompiler.dll
2011-01-18 17:08 . 2011-01-08 03:27        10467656        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2011-01-17 16:58 . 2011-01-17 16:58        --------        d-----w-        c:\programdata\ZoomBrowser
2011-01-17 16:46 . 2011-01-17 16:46        --------        d-----w-        c:\program files\iPod
2011-01-17 16:46 . 2011-01-17 16:47        --------        d-----w-        c:\program files\iTunes
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-17 16:44 . 2011-01-17 16:44        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-01-17 16:44 . 2011-01-17 16:44        --------        d-----w-        c:\program files\QuickTime
2011-01-15 20:46 . 2011-01-15 20:46        218176        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-01-15 20:45 . 2011-01-15 20:48        --------        d-----w-        c:\program files\DAEMON Tools Lite
2011-01-11 22:31 . 2011-01-11 22:31        --------        d-----w-        c:\users\Thomas\AppData\Roaming\.kde
2011-01-11 22:05 . 2011-01-11 22:05        --------        d-----w-        c:\users\Thomas\AppData\Roaming\KDE
2011-01-11 22:04 . 2011-01-11 22:04        --------        d-----w-        c:\program files\KDE
2011-01-08 18:37 . 2011-01-08 18:37        --------        d-----w-        c:\program files\Windows Media Components
2011-01-07 20:06 . 2011-01-07 20:06        580200        ----a-w-        c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06        3597416        ----a-w-        c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06        2620520        ----a-w-        c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06        608872        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06        2558568        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06        111208        ----a-w-        c:\windows\system32\nvmctray.dll
2011-01-04 20:27 . 2011-01-04 20:27        --------        d-----w-        c:\windows\system32\RTCOM
2011-01-04 17:14 . 2011-01-06 19:09        --------        d-----w-        c:\users\Thomas\AppData\Roaming\DVDVideoSoft

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-07-25 17:03        188216        ----a-w-        c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-07-25 17:04        294608        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-07-25 17:04        47440        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-07-25 17:04        23632        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-07-25 17:03        51280        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-07-25 17:04        17744        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 03:27 . 2011-01-18 17:08        10920        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-01-20 17:21        5653096        ----a-w-        c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2010-01-20 17:21        10078312        ----a-w-        c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-01-20 17:21        1965672        ----a-w-        c:\windows\system32\nvapi.dll
2011-01-02 09:26 . 2011-01-02 09:26        176488        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-31 20:06 . 2010-07-25 17:03        38848        ----a-w-        c:\windows\avastSS.scr
2010-12-15 15:52 . 2007-10-25 16:26        5632        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2010-12-01 19:10 . 2010-09-27 15:05        11232        ----a-w-        c:\windows\system32\drivers\SWDUMon.sys
2010-11-29 16:38 . 2010-11-29 16:38        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2010-11-28 09:55 . 2010-11-28 09:55        29696        ----a-w-        c:\windows\mickey32.dll
2010-11-28 09:55 . 2010-11-28 09:55        184912        ----a-w-        c:\windows\Install.scr
2010-11-24 19:44 . 2010-04-23 13:18        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2010-11-13 21:54 . 2010-11-13 21:30        7818        ----a-w-        c:\windows\system32\ealregsnapshot1.reg
2010-11-13 17:47 . 2010-11-13 17:47        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2010-11-04 05:52 . 2010-12-15 14:38        978944        ----a-w-        c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 14:38        44544        ----a-w-        c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 14:38        386048        ----a-w-        c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 14:38        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF255C7-8742-4B96-8971-1268EEE04974}]
2010-11-12 16:32        1368480        ----a-w-        c:\program files\Online Games Downloader\SWFCatcher.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-30 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"GrooveMonitor"="m:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-01-30 2216960]

c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
JDownloader.lnk - c:\program files\JDownloader\JDownloader.exe [2010-4-24 214528]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2010-2-1 1512448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
desktop (1).ini [2007-12-11 84]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe,wtmcore.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-03-03 16:13        3320768        ----a-w-        c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52        1234216        ----a-w-        c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

R0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2008-11-12 12288]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328]
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3582.tmp [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2010-04-08 51200]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2010-12-01 11232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-10-12 155688]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-13 691696]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-15 218176]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-07-16 19064]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-01-30 142592]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-29 238952]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2010-09-30 196912]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ipripsvc        REG_MULTI_SZ          iprip
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Crawler Search - tbr:iemenu
IE: Free YouTube Download - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - m:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %windir%\system32\wlsppc.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\fak811ff.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2649914&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://nox.to/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2649914&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: German Dictionary, extended for Austria: de-AT@dictionaries.addons.mozilla.org - %profile%\extensions\de-AT@dictionaries.addons.mozilla.org
FF - Ext: FireNes: firenes@facundo.zaldo - %profile%\extensions\firenes@facundo.zaldo
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Office Black: Office2007Black@JBBS - %profile%\extensions\Office2007Black@JBBS
FF - Ext: Tabberwocky: tabberwocky@studio17.wordpress.com - %profile%\extensions\tabberwocky@studio17.wordpress.com
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Tinseltown: {285da7e0-729d-11db-9fe1-0800200c9a66} - %profile%\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
FF - Ext: Abaca classic: {3713a489-0634-4472-8456-dc7abd7eba00} - %profile%\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
FF - Ext: Aero Fox Silver XL: {5c876f30-10ce-11dd-bd0b-0800200c9a66} - %profile%\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
FF - Ext: Update Notifier [de]: {95f24680-9e31-11da-a746-0800200c9a66} - %profile%\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: Nightly Tester Tools: {8620c15f-30dc-4dba-a131-7c5d20cf4a29} - %profile%\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia
FF - Ext: Strata40: Strata40@SpewBoy.au - %profile%\extensions\Strata40@SpewBoy.au
FF - Ext: Free Hide IP: support@free-hideip.com - %profile%\extensions\support@free-hideip.com
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Options Fx4 theme: fx4options@skorek.com - %profile%\extensions\fx4options@skorek.com
FF - Ext: Fx4: fx4theme@skorek.com - %profile%\extensions\fx4theme@skorek.com
FF - Ext: QualysBrowserCheck: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - %profile%\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - Ext: CHIP.de Toolbar: {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - %profile%\extensions\{a8ec1669-14c8-4382-bb8d-c53f91648e0a}
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - c:\program files\Crawler\firefox
FF - user.js: browser.link.open_external - 1
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.word_select.eat_space_to_next_word - false
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3582.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3663185479-124237283-3972810860-1001\Software\SecuROM\License information*]
"datasecu"=hex:e9,10,ad,1b,93,da,98,68,20,49,a7,6f,2a,11,8d,f8,20,b3,9d,db,72,
  a2,bf,fd,48,b9,99,52,7d,80,fd,20,db,f4,e3,e0,de,c1,e5,41,2f,a0,9e,be,df,19,\
"rkeysecu"=hex:6d,9c,0c,ee,22,aa,9a,63,a7,ad,16,9b,3f,6f,78,bd

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(4628)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wtmcore.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-02  00:46:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-01 23:46
ComboFix2.txt  2011-02-01 22:53

Vor Suchlauf: 29 Verzeichnis(se), 16.520.052.736 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 15.987.482.624 Bytes frei

- - End Of File - - B13C75AA9E1CAAEDA8798F6703931FEA
--- --- ---

cosinus 02.02.2011 09:35
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

renfield 02.02.2011 17:43
GMER ist abgestürzt

NAchstehend die logs:

OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:38:31 on 02.02.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - M:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~2\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"AsIO" (AsIO) - ? - C:\Windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Thomas\AppData\Local\Temp\catchme.sys  (File not found)
"cpudrv" (cpudrv) - ? - C:\Program Files\SystemRequirementsLab\cpudrv.sys  (File found, but it contains no detailed information)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"HWiNFO32 Kernel Driver" (HWiNFO32) - "REALiX(tm)" - C:\Program Files\HWiNFO32\HWiNFO32.SYS
"LG Bluetooth Bus Enumerator" (lgbusenum) - ? - C:\Windows\System32\DRIVERS\lgbtbus.sys  (File not found)
"LGE Bluetooth TransPort" (LgBttPort) - ? - C:\Windows\System32\DRIVERS\lgbtport.sys  (File not found)
"LGE Virtual Modem" (LGVMODEM) - ? - C:\Windows\System32\DRIVERS\lgvmodem.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\3582.tmp  (File not found)
"pwdrvio" (pwdrvio) - ? - C:\Windows\system32\pwdrvio.sys  (File found, but it contains no detailed information)
"pwdspio" (pwdspio) - ? - C:\Windows\system32\pwdspio.sys  (File found, but it contains no detailed information)
"Ramdisk Driver" (RRamdisk) - "gavotte" - C:\Windows\System32\DRIVERS\rramdisk.sys
"Seagate DiscWizard FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"Seagate DiscWizard Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Spyware Terminator Driver 2" (sp_rsdrv2) - ? - C:\Windows\system32\drivers\sp_rsdrv2.sys
"SSHDRV61" (SSHDRV61) - ? - C:\Windows\system32\drivers\SSHDRV61.sys  (File found, but it contains no detailed information)
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 3.x)" (sfsync03) - "Protection Technology" - C:\Windows\System32\drivers\sfsync03.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"SWDUMon" (SWDUMon) - ? - C:\Windows\System32\DRIVERS\SWDUMon.sys  (File found, but it contains no detailed information)
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"UsbserFilt" (UsbserFilt) - ? - C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{4D25FB7A-8902-4291-960E-9ADA051CFBBF} "tbr" - "Crawler.com" - C:\PROGRA~2\Crawler\ctbr.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - M:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - M:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - M:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - ? -  (File not found | COM-object registry key not found)
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - ? -  (File not found | COM-object registry key not found)
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - ? -  (File not found | COM-object registry key not found)
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - "Crawler.com" - C:\Program Files\Spyware Terminator\sptcontmenu.dll
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0D41B8C5-2599-4893-8183-00195EC8D5F9} "asusTek_sysctrl Class" - ? - C:\Windows\DOWNLO~1\ASUSTE~1.DLL / hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\Windows\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - M:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - M:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Crawler Toolbar" - "Crawler.com" - C:\PROGRA~2\Crawler\ctbr.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3AF255C7-8742-4B96-8971-1268EEE04974} "Flash Catcher" - "VTools" - C:\Program Files\Online Games Downloader\SWFCatcher.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} "{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" - "Crawler.com" - C:\PROGRA~2\Crawler\ctbr.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"JDownloader.lnk" - "AppWork UG (haftungsbeschränkt)" - C:\Program Files\JDownloader\JDownloader.exe  (Shortcut exists | File exists)
"Spamihilator.lnk" - "Michel Krämer" - C:\Program Files\Spamihilator\spamihilator.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop (1).ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpywareTerminatorUpdate" - "Crawler.com" - "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Tobias Süllhöfer Software" - C:\Windows\system32\wtmcore.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"avast5" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"GrooveMonitor" - "Microsoft Corporation" - "M:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SpywareTerminator" - "Crawler.com" - "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"Afa Card Reader Service" (AfaService) - ? - C:\Windows\system32\afasrv32.exe  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - M:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NitroPDFReaderDriverCreatorReadSpool" (NitroReaderDriverReadSpool) - "Nitro PDF Software" - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Spyware Terminator Realtime Shield Service" (sp_rssrv) - "Crawler.com" - C:\Program Files\Spyware Terminator\sp_rsser.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"WLSPPC" - ? - C:\Windows\system32\wlsppc.dll  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/HTML]

MBR:
HTML-Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        ASUSTeK Computer INC.
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                System manufacturer
System Product Name:                P5QL PRO
Logical Drives Mask:                0x000017fd

Kernel Drivers (total 223):
  0x83449000 \SystemRoot\system32\ntkrnlpa.exe
  0x83412000 \SystemRoot\system32\halmacpi.dll
  0x80BAA000 \SystemRoot\system32\kdcom.dll
  0x83A3F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x83AB7000 \SystemRoot\system32\PSHED.dll
  0x83AC8000 \SystemRoot\system32\BOOTVID.dll
  0x83AD0000 \SystemRoot\system32\CLFS.SYS
  0x83B12000 \SystemRoot\system32\CI.dll
  0x8401C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8408D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8409B000 \SystemRoot\System32\Drivers\spql.sys
  0x8418E000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x84197000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x8421D000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x84265000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8426D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x84278000 \SystemRoot\system32\DRIVERS\pci.sys
  0x842A2000 \SystemRoot\System32\drivers\partmgr.sys
  0x842B3000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x842BB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x842C6000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x842D6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x84321000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x84328000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8433E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x84362000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8436B000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8438E000 \SystemRoot\system32\DRIVERS\mv61xx.sys
  0x843CF000 \SystemRoot\system32\DRIVERS\mv61xxmm.sys
  0x843D7000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x841BD000 \SystemRoot\system32\drivers\fltmgr.sys
  0x843E0000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8C607000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8C736000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8C761000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8C774000 \SystemRoot\System32\Drivers\cng.sys
  0x8C7D1000 \SystemRoot\System32\drivers\pcw.sys
  0x8C7DF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8C82E000 \SystemRoot\system32\drivers\ndis.sys
  0x8C8E5000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8C923000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8CA04000 \SystemRoot\System32\drivers\tcpip.sys
  0x8CB4D000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8CB7E000 \SystemRoot\system32\DRIVERS\timntr.sys
  0x8C948000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8CBE9000 \SystemRoot\System32\Drivers\spldr.sys
  0x8CBF1000 \SystemRoot\System32\drivers\sfhlp02.sys
  0x8C999000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8C9C6000 \SystemRoot\System32\Drivers\mup.sys
  0x8C9D6000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x83BBD000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8C9DE000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8C800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x83A00000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x843F1000 \??\C:\Windows\system32\drivers\SSHDRV61.sys
  0x8CBF9000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C7F9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x84200000 \SystemRoot\System32\drivers\vga.sys
  0x93013000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x93034000 \SystemRoot\System32\drivers\watchdog.sys
  0x93041000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x93049000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x93051000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x93059000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x93064000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x93072000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x93089000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x93094000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x9309E000 \SystemRoot\system32\drivers\afd.sys
  0x930F8000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x930FD000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x9312F000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x93138000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x9313F000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x9315E000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x9316C000 \SystemRoot\system32\DRIVERS\serial.sys
  0x93186000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x931C1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x931D4000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9380D000 \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
  0x93830000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x93871000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9387B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x93885000 \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS
  0x93888000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x9388D000 \SystemRoot\System32\drivers\discache.sys
  0x93899000 \SystemRoot\System32\Drivers\dfsc.sys
  0x938B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x938BF000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x93906000 \SystemRoot\system32\drivers\AsIO.sys
  0x93908000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x93929000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x97002000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x979FC000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x9393B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9B62A000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9B663000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x9B66E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x9B6B9000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x9B6C8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9B6E7000 \SystemRoot\System32\Drivers\AnyDVD.sys
  0x9B6FF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x9B705000 \SystemRoot\system32\DRIVERS\L1E62x86.sys
  0x9B715000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x9B720000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x9B722000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x9B73A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x9B747000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x9B751000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x9B75E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x9B770000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x9B788000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x9B793000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x9B7B5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x9B7CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x9B7E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x9B600000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x9B60D000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9BE33000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9BE67000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x9BE96000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9BEDA000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x9BEE4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9CA0F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x9CD40000 \SystemRoot\system32\drivers\portcls.sys
  0x9CD6F000 \SystemRoot\system32\drivers\drmk.sys
  0x9E760000 \SystemRoot\System32\win32k.sys
  0x9CD88000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9CD92000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9CDA9000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9CDAB000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9BEF5000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x9CDC1000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9CDCC000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9CDD7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x9CDEA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x9CDF1000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x9CA00000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x9BF35000 \SystemRoot\system32\DRIVERS\point32.sys
  0x9BF3E000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x9E9C0000 \SystemRoot\System32\TSDDD.dll
  0x9BF4B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x9BF56000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9BF5F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x9BF70000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x9BF82000 \SystemRoot\System32\Drivers\bthport.sys
  0x9E600000 \SystemRoot\System32\cdd.dll
  0x9BE00000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x9BE24000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x9BE75000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x9BFE6000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x9E620000 \SystemRoot\System32\ATMFD.DLL
  0x9B60F000 \SystemRoot\system32\drivers\modem.sys
  0x8E234000 \SystemRoot\system32\DRIVERS\btwavdt.sys
  0x8E2A7000 \SystemRoot\system32\drivers\btwaudio.sys
  0x8E328000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
  0x8E333000 \SystemRoot\system32\DRIVERS\btwrchid.sys
  0x8E336000 \SystemRoot\system32\drivers\luafv.sys
  0x8E351000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x8E388000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x8E38B000 \??\C:\Windows\system32\drivers\ACEDRV07.sys
  0x8E3ED000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
  0x8E200000 \SystemRoot\system32\drivers\WudfPf.sys
  0xA4C03000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA4C24000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA4C34000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA4C47000 \SystemRoot\system32\drivers\HTTP.sys
  0xA4CCC000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA4CE5000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA4CF7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA4D1A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA4D55000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA4D88000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA4DB4000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA4DF7000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA7C29000 \SystemRoot\system32\drivers\peauth.sys
  0xA7CC0000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA7CCA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA7CEB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA7CF8000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA7D47000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA7D71000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA7DC2000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0xC408D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x76EB0000 \Windows\System32\ntdll.dll
  0x47640000 \Windows\System32\smss.exe
  0x770F0000 \Windows\System32\apisetschema.dll
  0x009D0000 \Windows\System32\autochk.exe
  0x77050000 \Windows\System32\clbcatq.dll
  0x76FF0000 \Windows\System32\shlwapi.dll
  0x76DE0000 \Windows\System32\msctf.dll
  0x76D00000 \Windows\System32\kernel32.dll
  0x76C50000 \Windows\System32\msvcrt.dll
  0x76AF0000 \Windows\System32\ole32.dll
  0x768F0000 \Windows\System32\iertutil.dll
  0x76870000 \Windows\System32\comdlg32.dll
  0x76820000 \Windows\System32\Wldap32.dll
  0x76720000 \Windows\System32\wininet.dll
  0x76700000 \Windows\System32\sechost.dll
  0x766B0000 \Windows\System32\gdi32.dll
  0x76510000 \Windows\System32\setupapi.dll
  0x76500000 \Windows\System32\lpk.dll
  0x764F0000 \Windows\System32\nsi.dll
  0x76490000 \Windows\System32\difxapi.dll
  0x76480000 \Windows\System32\normaliz.dll
  0x76460000 \Windows\System32\imm32.dll
  0x763C0000 \Windows\System32\usp10.dll
  0x76310000 \Windows\System32\rpcrt4.dll
  0x756C0000 \Windows\System32\shell32.dll
  0x755F0000 \Windows\System32\user32.dll
  0x755B0000 \Windows\System32\ws2_32.dll
  0x75520000 \Windows\System32\oleaut32.dll
  0x75510000 \Windows\System32\psapi.dll
  0x753D0000 \Windows\System32\urlmon.dll
  0x75330000 \Windows\System32\advapi32.dll
  0x75300000 \Windows\System32\imagehlp.dll
  0x752B0000 \Windows\System32\KernelBase.dll
  0x75290000 \Windows\System32\devobj.dll
  0x75260000 \Windows\System32\wintrust.dll
  0x751D0000 \Windows\System32\comctl32.dll
  0x751A0000 \Windows\System32\cfgmgr32.dll
  0x75080000 \Windows\System32\crypt32.dll
  0x75070000 \Windows\System32\msasn1.dll

Processes (total 77):
      0 System Idle Process
      4 SYSTEM
    312 C:\Windows\System32\smss.exe
    440 csrss.exe
    500 C:\Windows\System32\wininit.exe
    512 csrss.exe
    548 C:\Windows\System32\services.exe
    588 C:\Windows\System32\lsass.exe
    596 C:\Windows\System32\lsm.exe
    648 C:\Windows\System32\winlogon.exe
    732 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\nvvsvc.exe
    860 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\svchost.exe
    1232 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1244 C:\Windows\System32\nvvsvc.exe
    1504 WUDFHost.exe
    1576 C:\Windows\System32\svchost.exe
    1636 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    328 C:\Windows\System32\spoolsv.exe
    340 C:\Windows\System32\taskeng.exe
    372 C:\Windows\System32\svchost.exe
    688 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\rundll32.exe
    1688 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1432 C:\Program Files\Bonjour\mDNSResponder.exe
    1184 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2084 C:\Windows\System32\FsUsbExService.Exe
    2200 C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
    2300 C:\Windows\System32\svchost.exe
    2328 C:\Program Files\Spyware Terminator\sp_rsser.exe
    2376 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2460 C:\Windows\System32\svchost.exe
    2520 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2688 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2720 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2992 C:\Windows\System32\dwm.exe
    3028 C:\Windows\explorer.exe
    3044 C:\Windows\System32\wtmcore.exe
    3060 C:\Windows\System32\taskhost.exe
    3088 C:\Program Files\Google\Update\GoogleUpdate.exe
    3676 C:\Windows\servicing\TrustedInstaller.exe
    3740 C:\Windows\System32\svchost.exe
    3824 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3832 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3868 WUDFHost.exe
    3900 M:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3968 C:\Windows\System32\svchost.exe
    3976 C:\Windows\System32\taskhost.exe
    3768 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    3356 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2292 C:\Windows\System32\SearchIndexer.exe
    2288 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    1324 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2280 C:\Program Files\iTunes\iTunesHelper.exe
    1464 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    1460 C:\Program Files\Windows Sidebar\sidebar.exe
    976 C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    4104 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    4144 C:\Program Files\Spamihilator\spamihilator.exe
    4220 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    4264 C:\Program Files\Java\jre6\bin\javaw.exe
    4856 C:\Program Files\iPod\bin\iPodService.exe
    5388 C:\Windows\System32\svchost.exe
    4464 C:\Program Files\Nero\Update\NASvc.exe
    4876 C:\Program Files\Mozilla Firefox\firefox.exe
    3956 C:\Program Files\Crawler\CToolbar.exe
    2648 WmiPrvSE.exe
    1164 C:\Windows\explorer.exe
    2560 C:\Windows\System32\SearchProtocolHost.exe
    5668 C:\Windows\System32\SearchFilterHost.exe
    4200 C:\Users\Thomas\Desktop\MBRCheck.exe
    4468 C:\Windows\System32\conhost.exe
    1396 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\M: --> \\.\PhysicalDrive0 at offset 0x00000022`54fb0c00  (NTFS)

PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAK 
PhysicalDrive1 Model Number: HitachiHDS721010CLA332, Rev:

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive1  RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

cosinus 02.02.2011 21:12
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

renfield 03.02.2011 06:09
hier der 1. log

HTML-Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/03/2011 at 01:38 AM

Application Version : 4.48.1000

Core Rules Database Version : 6327
Trace Rules Database Version: 4139

Scan type      : Complete Scan
Total Scan Time : 03:50:49

Memory items scanned      : 851
Memory threats detected  : 0
Registry items scanned    : 11625
Registry threats detected : 1
File items scanned        : 502497
File threats detected    : 21

Malware.Trace
        HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
        media.mtvnservices.com [ C:\xy\Dokumente und Einstellungen\Die lieben Eltern\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\JBLRAZZ8 ]
        vfsexe.gmx.net [ C:\xy\Dokumente und Einstellungen\Die lieben Eltern\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\JBLRAZZ8 ]
        ads1.msn.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        cdn1.eyewonder.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        media.jambocast.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        media.mtvnservices.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        media01.kyte.tv [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        mediathek.daserste.de [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        mediatonic1.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        msntest.serving-sys.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        szene1.media.mediaserver24.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        www.vianadserver.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christiane\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\5AY975WD ]
        142.memecounter.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]
        acvs.mediaonenetwork.net [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]
        c2.zedo.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]
        googleads.g.doubleclick.net [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]
        media1.clubpenguin.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]
        memecounter.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]
        naiadsystems.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]
        www.pornhub.com [ J:\Sicherung PC\xy\Dokumente und Einstellungen\Christoph\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\GB6CDNJK ]

Trojan.Agent/Gen-OnlineGames[Wilao]
        J:\ARCHIV\DOWNLOAD\SETUP(2).EXE

cosinus 03.02.2011 11:53
Bislang nur Überreste und harmlose Cookies.

renfield 03.02.2011 21:40
So jetzt hab ich noch den 2. Scan

HTML-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5669

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.02.2011 21:10:17
mbam-log-2011-02-03 (21-10-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|J:\|M:\|)
Durchsuchte Objekte: 696352
Laufzeit: 2 Stunde(n), 44 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 03.02.2011 21:45
Sieht ok aus.
Noch Probleme oder nun alles ok?

renfield 03.02.2011 21:49
Eigentlich funktioniert alles einwandfrei.
Dann wag ich jetzt wieder mal Onlinebanking.


Dann sag ich hier noch einmal ein ganz großes DANKESCHÖN!! speziell an Dich und an alle in diesem Board!!

Ich werd Euch weiterempfehlen!

cosinus 03.02.2011 21:51
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

renfield 03.02.2011 21:57
passwörter hab ich schon vom büro aus geändert - danke!

rest werd ich noch abarbeiten.

lieben DANK

renfield 03.02.2011 22:10
Eine kurze Frage hab ich noch.
was für schutzprogramme empfielst du?
ich hab avast antivirus drauf, und jetzt noch den spyware terminator.

gibts da was vernünftigeres??

cosinus 04.02.2011 10:44
Zitat:
was für schutzprogramme empfielst du?
Schutzprogramme sind in erster Linie nur optional. Da du einen Bürorechner hast, musst du mal sehen, ob es kostenlose Virenscanner gibt, der für dich in Frage kommt, und der es dir auch offiziell erlaubt, auch auf nicht rein privat genutzten Rechnern installiert zu werden. Da gab es zB http://www.trojaner-board.de/78656-a...s-edition.html
Und Schutz vor Gefahren im Internet: Microsoft Security Essentials sollte AFAIK auch sein.

Viel wichtiger als Software ist das Konzept. Einfach nur irgendwas installieren und dann sich hinterher nie mehr Gedanken machen um irgendwas funktioniert nicht!!

Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19