
Log Analysis and Evaluation: Trojan: PSW.Generic.RDX in c:\windows\system32\services.exe


 
01.01.2012, 01:58   #1
SaschaW
 

Trojan: PSW.Generic.RDX in c:\windows\system32\services.exe



Hello dear forum community,

My grandfather brought his computer over to me yesterday with a problem; he told me he could no longer use Google and that it was getting slow.
It is a Windows XP computer with Service Pack 3 installed. The system is a 32-bit system.

After I ran the AVG virus scanner in normal mode, it found the trojan PSW.Generic.RDX, once in RAM and once in services.exe in the System32 folder. AVG was apparently able to remove the one in RAM, but not the one in the System32 folder.
So I repeated the whole thing in Safe Mode, but there it did not find anything at all.
When I booted the computer normally again and had AVG scan once more (to be safe), the trojan still showed up, and now additionally in iexplorer.exe.

Is there a way to still clean the system, or is a reinstall unavoidable?

I have also provided the relevant log files.

If anything else is needed, just say so. Thanks in advance.

OTL.txt
Code:
OTL logfile created on: 31.12.2011 18:33:16 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\xxxxxxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 436,32 Mb Available Physical Memory | 42,98% Memory free
3,87 Gb Paging File | 3,43 Gb Available in Paging File | 88,62% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 97,40 Gb Free Space | 71,08% Space Free | Partition Type: NTFS
 
Computer Name: LUFIFESKTOP | User Name: xxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe
PRC - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011.04.18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 15:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 04:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2011.12.31 10:45:17 | 000,692,224 | ---- | M] () -- C:\Programme\AVG Secure Search\iGearedHelper.dll
MOD - [2011.11.14 16:06:56 | 000,108,496 | ---- | M] () -- C:\Programme\PC Tools Security\BDT\BSPatch.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (Norton Internet Security)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.11.22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011.11.22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2008.07.16 13:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
DRV - [2011.11.22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011.11.22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.14 20:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.03.23 13:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.02.20 08:45:28 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.02.20 08:43:38 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.02.20 08:42:26 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.16 12:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.01.04 08:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.12.21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005.12.21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005.12.21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2003.07.24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank|hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.09.01 12:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\9.0.0.18\ [2011.12.31 10:45:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programme\PC Tools Security\BDT\Firefox\ [2011.12.31 14:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.10 09:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions
[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2011.09.10 09:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.31 10:45:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\9.0.0.18
[2010.05.09 11:13:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.12.31 14:03:39 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAMME\PC TOOLS SECURITY\BDT\FIREFOX
[2010.05.11 08:09:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 10:45:16 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WTGService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "RichVideo"
MsConfig - Services: "Pml Driver HPZ12"
MsConfig - Services: "PCLEPCI"
MsConfig - Services: "osppsvc"
MsConfig - Services: "ose"
MsConfig - Services: "Norton Internet Security"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "GameConsoleService"
MsConfig - Services: "ETService"
MsConfig - Services: "!SASCORE"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk - C:\Programme\Belkin\F1U201.401\usbshare.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: eRecoveryService - hkey= - key= -  File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: USB2Check - hkey= - key= -  File not found
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.31 18:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxx\Desktop\OTL.exe
[2011.12.31 14:26:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxx\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.12.31 14:03:37 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2011.12.31 14:03:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011.12.31 14:03:35 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011.12.31 14:03:35 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011.12.31 13:59:30 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011.12.31 13:59:30 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011.12.31 13:59:23 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011.12.31 13:58:53 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011.12.31 13:58:53 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011.12.31 13:58:35 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011.12.31 13:58:35 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011.12.31 13:58:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
[2011.12.31 13:58:19 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011.12.31 13:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2011.12.31 13:20:14 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security
[2011.12.31 13:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2011.12.31 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2011.12.31 10:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Eigene Dateien\Downloads
[2011.12.31 10:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search
[2011.12.31 10:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2011.12.31 10:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search
[2011.12.31 10:45:16 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 18:26:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable
[2011.12.31 18:26:40 | 000,460,416 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.31 18:26:40 | 000,442,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.31 18:26:40 | 000,085,618 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.31 18:26:40 | 000,072,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe
[2011.12.31 18:21:26 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe
[2011.12.31 18:21:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.31 18:21:14 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.31 18:21:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe
[2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
[2011.12.31 14:27:09 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk
[2011.12.31 13:59:58 | 000,600,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011.12.31 13:17:58 | 000,512,992 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe
[2011.12.31 10:54:44 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.12.31 10:44:33 | 091,376,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.12.31 10:25:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.25 18:26:26 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MAHJONGG.INI
[2011.12.18 21:16:04 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2011.12.16 17:10:10 | 009,412,608 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Meine Finanzen.mny
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.31 18:26:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable
[2011.12.31 18:26:32 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe
[2011.12.31 18:26:21 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe
[2011.12.31 18:21:14 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.31 14:27:08 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk
[2011.12.31 14:03:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011.12.31 14:03:36 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011.12.31 14:03:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011.12.31 14:03:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011.12.31 14:03:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011.12.31 13:59:32 | 000,600,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011.12.31 13:17:59 | 000,512,992 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe
[2011.12.31 10:54:44 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010.05.13 21:45:43 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010.05.13 15:56:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MAHJONGG.INI
[2010.05.13 15:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stduser.ini
[2010.05.13 15:36:13 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.13 15:17:13 | 000,128,150 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010.05.10 17:15:59 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.05.10 17:15:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.05.10 17:15:57 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010.05.09 14:04:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010.05.09 13:23:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.05.09 13:10:32 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.05.09 13:06:39 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010.05.09 13:06:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010.05.09 13:06:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010.05.09 13:06:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010.05.09 13:06:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010.05.09 10:46:59 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll
[2009.02.26 11:35:25 | 000,460,416 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.02.26 11:35:25 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.02.26 11:35:25 | 000,085,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.02.26 11:35:25 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.02.26 11:35:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.02.26 11:35:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.02.26 11:35:19 | 000,442,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.02.26 11:35:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.02.26 11:35:19 | 000,072,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.02.26 11:35:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.02.26 11:35:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.02.26 11:35:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.02.26 11:35:17 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.02.26 11:35:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.02.26 11:35:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.02.26 11:35:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.02.26 04:15:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.02.26 03:07:07 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.02.26 03:04:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.02.26 02:53:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009.02.26 02:53:10 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.02.26 02:52:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.02.26 02:48:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.02.26 02:47:17 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.02.26 02:43:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.02.26 02:43:01 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.04.20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006.01.04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2011.12.31 10:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2010.11.22 18:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2010.11.22 17:38:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.11.22 17:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2010.11.22 17:38:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.12.31 10:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2011.05.25 15:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.05.09 13:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.05.09 13:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2011.12.31 18:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010.05.21 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2009.02.26 03:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent
[2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search
[2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG10
[2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\OpenOffice.org
[2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\proDAD
[2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\TomTom
[2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.

 >
[2011.07.15 12:10:53 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.05.09 11:59:02 | 000,000,000 | ---D | M] -- C:\a46e3e7a20cc69a3039b15ac07
[2010.05.09 10:56:54 | 000,000,000 | -H-D | M] -- C:\ACER
[2010.05.09 10:56:48 | 000,000,000 | -H-D | M] -- C:\ACERSW
[2010.05.13 15:27:03 | 000,000,000 | ---D | M] -- C:\bin
[2009.02.26 03:09:39 | 000,000,000 | ---D | M] -- C:\Book
[2011.12.31 13:59:05 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.09.27 14:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.09.11 08:23:36 | 000,000,000 | ---D | M] -- C:\DOTNETFX
[2011.09.10 09:30:48 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.08.31 22:33:59 | 000,000,000 | ---D | M] -- C:\i386
[2009.02.26 02:58:04 | 000,000,000 | ---D | M] -- C:\Intel
[2010.06.14 17:37:06 | 000,000,000 | ---D | M] -- C:\Microsoft Money Sicherung
[2011.01.23 15:38:28 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.05.09 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.31 13:20:14 | 000,000,000 | R--D | M] -- C:\Programme
[2010.05.09 11:12:16 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.31 13:59:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.11 08:23:33 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2011.12.31 18:22:02 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe

 >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s

 >
 
< %systemroot%\system32\*.manifest /3

 >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys
[2008.04.14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\i386\REGEDIT.EXE
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
 >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.06.06 12:35:26 | 001,859,072 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
 >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
 >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-09 11:47:58
 
<  >
 
<  >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84

< End of report >