Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.01.2012, 00:58   #1
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Hallo Liebe Foren-Gemeinde,

mein Großvater hat mir gestern seinen Rechner vorbeigebracht mit einem Problem, er sagte mir er könne nicht mehr Google verwenden und er würde langsam werden.
Es handelt sich um einen Windows XP Rechner mit Installiertem Service Pack 3. Das System ist ein 32 Bit System.

Nachdem ich nun den AVG Virenscanner im normalen Modus laufen lassen habe, hat dieser den Trojaner PSW.Generic.RDX gefunden. Und zwar einmal im RAM und einmal in der services.exe im System32 Ordner. Den im RAM konnte der AVG wohl entfernen, aber den im System32 Ordner wohl nicht.
Also habe ich das ganze noch einmal im Abgesicherten Modus wiederholt, dort hat er aber gar nicht erst etwas gefunden.
Als ich nun den Rechner wieder normal bootete, und AVG erneut Scannen lies (Zur Sicherheit) tauchte der Trojaner immernoch auf und nun noch zusätzlich in der iexplorer.exe

Gibt es eine Möglichkeit das System noch zu säubern oder komme ich um eine Neu-Installation nicht herum?

Habe euch auch die passenden Log Files mit geliefert.

Falls noch etwas gewünscht wird, sagt es ruhig Ich Danke schon einmal im Vorraus

OTL.txt
Code:
ATTFilter
OTL logfile created on: 31.12.2011 18:33:16 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\xxxxxxx\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 436,32 Mb Available Physical Memory | 42,98% Memory free
3,87 Gb Paging File | 3,43 Gb Available in Paging File | 88,62% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 97,40 Gb Free Space | 71,08% Space Free | Partition Type: NTFS
 
Computer Name: LUFIFESKTOP | User Name: xxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe
PRC - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011.04.18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 15:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 04:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2011.12.31 10:45:17 | 000,692,224 | ---- | M] () -- C:\Programme\AVG Secure Search\iGearedHelper.dll
MOD - [2011.11.14 16:06:56 | 000,108,496 | ---- | M] () -- C:\Programme\PC Tools Security\BDT\BSPatch.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (Norton Internet Security)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.11.22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011.11.22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2008.07.16 13:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
DRV - [2011.11.22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011.11.22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.14 20:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.03.23 13:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.02.20 08:45:28 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.02.20 08:43:38 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.02.20 08:42:26 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.16 12:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.01.04 08:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.12.21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005.12.21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005.12.21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2003.07.24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank|hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.09.01 12:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\9.0.0.18\ [2011.12.31 10:45:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programme\PC Tools Security\BDT\Firefox\ [2011.12.31 14:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.10 09:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions
[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2011.09.10 09:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.31 10:45:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\9.0.0.18
[2010.05.09 11:13:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.12.31 14:03:39 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAMME\PC TOOLS SECURITY\BDT\FIREFOX
[2010.05.11 08:09:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 10:45:16 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WTGService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "RichVideo"
MsConfig - Services: "Pml Driver HPZ12"
MsConfig - Services: "PCLEPCI"
MsConfig - Services: "osppsvc"
MsConfig - Services: "ose"
MsConfig - Services: "Norton Internet Security"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "GameConsoleService"
MsConfig - Services: "ETService"
MsConfig - Services: "!SASCORE"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk - C:\Programme\Belkin\F1U201.401\usbshare.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: eRecoveryService - hkey= - key= -  File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: USB2Check - hkey= - key= -  File not found
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.31 18:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxx\Desktop\OTL.exe
[2011.12.31 14:26:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxx\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.12.31 14:03:37 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2011.12.31 14:03:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011.12.31 14:03:35 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011.12.31 14:03:35 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011.12.31 13:59:30 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011.12.31 13:59:30 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011.12.31 13:59:23 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011.12.31 13:58:53 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011.12.31 13:58:53 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011.12.31 13:58:35 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011.12.31 13:58:35 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011.12.31 13:58:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
[2011.12.31 13:58:19 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011.12.31 13:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2011.12.31 13:20:14 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security
[2011.12.31 13:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2011.12.31 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2011.12.31 10:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Eigene Dateien\Downloads
[2011.12.31 10:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search
[2011.12.31 10:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2011.12.31 10:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search
[2011.12.31 10:45:16 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 18:26:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable
[2011.12.31 18:26:40 | 000,460,416 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.31 18:26:40 | 000,442,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.31 18:26:40 | 000,085,618 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.31 18:26:40 | 000,072,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe
[2011.12.31 18:21:26 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe
[2011.12.31 18:21:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.31 18:21:14 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.31 18:21:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe
[2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
[2011.12.31 14:27:09 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk
[2011.12.31 13:59:58 | 000,600,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011.12.31 13:17:58 | 000,512,992 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe
[2011.12.31 10:54:44 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.12.31 10:44:33 | 091,376,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.12.31 10:25:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.25 18:26:26 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MAHJONGG.INI
[2011.12.18 21:16:04 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2011.12.16 17:10:10 | 009,412,608 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Meine Finanzen.mny
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.31 18:26:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable
[2011.12.31 18:26:32 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe
[2011.12.31 18:26:21 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe
[2011.12.31 18:21:14 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.31 14:27:08 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk
[2011.12.31 14:03:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011.12.31 14:03:36 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011.12.31 14:03:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011.12.31 14:03:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011.12.31 14:03:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011.12.31 13:59:32 | 000,600,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011.12.31 13:17:59 | 000,512,992 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe
[2011.12.31 10:54:44 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010.05.13 21:45:43 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010.05.13 15:56:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MAHJONGG.INI
[2010.05.13 15:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stduser.ini
[2010.05.13 15:36:13 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.13 15:17:13 | 000,128,150 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010.05.10 17:15:59 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.05.10 17:15:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.05.10 17:15:57 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010.05.09 14:04:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010.05.09 13:23:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.05.09 13:10:32 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.05.09 13:06:39 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010.05.09 13:06:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010.05.09 13:06:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010.05.09 13:06:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010.05.09 13:06:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010.05.09 10:46:59 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll
[2009.02.26 11:35:25 | 000,460,416 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.02.26 11:35:25 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.02.26 11:35:25 | 000,085,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.02.26 11:35:25 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.02.26 11:35:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.02.26 11:35:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.02.26 11:35:19 | 000,442,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.02.26 11:35:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.02.26 11:35:19 | 000,072,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.02.26 11:35:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.02.26 11:35:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.02.26 11:35:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.02.26 11:35:17 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.02.26 11:35:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.02.26 11:35:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.02.26 11:35:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.02.26 04:15:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.02.26 03:07:07 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.02.26 03:04:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.02.26 02:53:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009.02.26 02:53:10 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.02.26 02:52:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.02.26 02:48:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.02.26 02:47:17 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.02.26 02:43:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.02.26 02:43:01 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.04.20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006.01.04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2011.12.31 10:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2010.11.22 18:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2010.11.22 17:38:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.11.22 17:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2010.11.22 17:38:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.12.31 10:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2011.05.25 15:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.05.09 13:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.05.09 13:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2011.12.31 18:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010.05.21 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2009.02.26 03:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent
[2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search
[2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG10
[2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\OpenOffice.org
[2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\proDAD
[2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\TomTom
[2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.

 >
[2011.07.15 12:10:53 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.05.09 11:59:02 | 000,000,000 | ---D | M] -- C:\a46e3e7a20cc69a3039b15ac07
[2010.05.09 10:56:54 | 000,000,000 | -H-D | M] -- C:\ACER
[2010.05.09 10:56:48 | 000,000,000 | -H-D | M] -- C:\ACERSW
[2010.05.13 15:27:03 | 000,000,000 | ---D | M] -- C:\bin
[2009.02.26 03:09:39 | 000,000,000 | ---D | M] -- C:\Book
[2011.12.31 13:59:05 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.09.27 14:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.09.11 08:23:36 | 000,000,000 | ---D | M] -- C:\DOTNETFX
[2011.09.10 09:30:48 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.08.31 22:33:59 | 000,000,000 | ---D | M] -- C:\i386
[2009.02.26 02:58:04 | 000,000,000 | ---D | M] -- C:\Intel
[2010.06.14 17:37:06 | 000,000,000 | ---D | M] -- C:\Microsoft Money Sicherung
[2011.01.23 15:38:28 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.05.09 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.31 13:20:14 | 000,000,000 | R--D | M] -- C:\Programme
[2010.05.09 11:12:16 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.31 13:59:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.11 08:23:33 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2011.12.31 18:22:02 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe

 >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s

 >
 
< %systemroot%\system32\*.manifest /3

 >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys
[2008.04.14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\i386\REGEDIT.EXE
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
 >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.06.06 12:35:26 | 001,859,072 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
 >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
 >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-09 11:47:58
 
<  >
 
<  >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84

< End of report >
         
Angehängte Dateien
Dateityp: txt gmer.txt (24,0 KB, 261x aufgerufen)
Dateityp: txt Extras.Txt (47,7 KB, 205x aufgerufen)

Alt 02.01.2012, 15:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 03.01.2012, 14:40   #3
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Es scheint auf jeden Fall schon etwas gebracht zu haben. Ich kann endlich wieder die Browser nutzen und nun auch die Logfiles direkt von dem Rechner hochladen.
Jedoch musste ich zwei Programme deinstallieren:
PC Tools und Browser Defender keine Ahnung was das beides war.

Ältere Logs von Malware Bytes hänge ich dir an.

Log Von Malware Bytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ludi :: LUFIFESKTOP [Administrator]

02.01.2012 20:34:23
mbam-log-2012-01-02 (20-34-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270371
Laufzeit: 46 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Temp\winlogon.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Temp\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Log von ESET Online Scanner

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7dbaae8f9584844ea28d730b8d1f8a11
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 10:40:30
# local_time=2012-01-02 11:40:30 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 95 9734 68705977 0 0
# compatibility_mode=8192 67108863 100 0 4238 4238 0 0
# scanned=104955
# found=0
# cleaned=0
# scan_time=5799
         
__________________
Angehängte Dateien
Dateityp: txt mbam-log-2011-09-09 (14-12-19).txt (1,0 KB, 152x aufgerufen)
Dateityp: txt mbam-log-2011-09-09 (18-25-41).txt (1,1 KB, 151x aufgerufen)

Alt 03.01.2012, 19:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.01.2012, 21:08   #5
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Hier der OTL-Log

Musste den Rechner 2 mal neubooten, weil er sich beim booten immer aufhing
Code:
ATTFilter
OTL logfile created on: 03.01.2012 20:53:26 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Ludi\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 476,75 Mb Available Physical Memory | 46,96% Memory free
3,87 Gb Paging File | 3,44 Gb Available in Paging File | 88,87% Paging File free
Paging file location(s): C:\pagefile.sys 3048 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 137,04 Gb Total Space | 95,77 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
 
Computer Name: LUFIFESKTOP | User Name: Ludi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe
PRC - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2011.09.10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.05.23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2011.12.31 10:45:17 | 000,692,224 | ---- | M] () -- C:\Programme\AVG Secure Search\iGearedHelper.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (Norton Internet Security)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2008.07.16 13:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.03.23 13:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.02.20 08:45:28 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.02.20 08:43:38 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.02.20 08:42:26 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.16 12:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.01.04 08:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.12.21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005.12.21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005.12.21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2003.07.24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank|hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2012.01.03 09:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\9.0.0.18\ [2011.12.31 10:45:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.10 09:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla\Extensions
[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2011.09.10 09:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.31 10:45:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\9.0.0.18
[2012.01.03 09:13:34 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2010.05.09 11:13:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.05.11 08:09:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 10:45:16 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7B70EA1-72BC-47CB-8B27-45B6C5ED70E8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WTGService"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "RichVideo"
MsConfig - Services: "Pml Driver HPZ12"
MsConfig - Services: "PCLEPCI"
MsConfig - Services: "osppsvc"
MsConfig - Services: "ose"
MsConfig - Services: "Norton Internet Security"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "GameConsoleService"
MsConfig - Services: "ETService"
MsConfig - Services: "!SASCORE"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk - C:\Programme\Belkin\F1U201.401\usbshare.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: eRecoveryService - hkey= - key= -  File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: USB2Check - hkey= - key= -  File not found
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.02 21:53:15 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.31 18:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe
[2011.12.31 14:26:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2011.12.31 13:20:14 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security
[2011.12.31 13:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2011.12.31 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2011.12.31 10:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Downloads
[2011.12.31 10:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG Secure Search
[2011.12.31 10:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2011.12.31 10:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search
[2011.12.31 10:45:16 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.03 20:55:44 | 142,155,899 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.01.03 20:54:56 | 000,460,416 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.03 20:54:56 | 000,442,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.03 20:54:56 | 000,085,618 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.03 20:54:56 | 000,072,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.03 20:53:08 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
[2012.01.03 20:48:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.03 20:48:23 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.03 09:13:35 | 000,000,688 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2012.01.02 16:35:58 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.02 16:33:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.02 16:33:47 | 000,367,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.01 00:10:35 | 000,608,848 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012.01.01 00:10:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.31 18:26:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable
[2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe
[2011.12.31 18:21:26 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe
[2011.12.31 18:21:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\53f5srff.exe
[2011.12.31 14:27:09 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk
[2011.12.31 13:17:58 | 000,512,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\sdsetup_revwire207[1].exe
[2011.12.31 10:54:44 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.12.25 18:26:26 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MAHJONGG.INI
[2011.12.18 21:16:04 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2011.12.16 17:10:10 | 009,412,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Meine Finanzen.mny
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.02 16:35:58 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.31 18:26:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable
[2011.12.31 18:26:32 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\53f5srff.exe
[2011.12.31 18:26:21 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe
[2011.12.31 18:21:14 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.31 14:27:08 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk
[2011.12.31 13:59:32 | 000,608,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011.12.31 13:17:59 | 000,512,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\sdsetup_revwire207[1].exe
[2011.12.31 10:54:44 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010.05.13 21:45:43 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010.05.13 15:56:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MAHJONGG.INI
[2010.05.13 15:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stduser.ini
[2010.05.13 15:36:13 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.13 15:17:13 | 000,128,150 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010.05.10 17:15:59 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.05.10 17:15:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.05.10 17:15:57 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010.05.09 14:04:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010.05.09 13:23:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.05.09 13:10:32 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.05.09 13:06:39 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010.05.09 13:06:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010.05.09 13:06:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010.05.09 13:06:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010.05.09 13:06:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010.05.09 10:46:59 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll
[2009.02.26 11:35:25 | 000,460,416 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.02.26 11:35:25 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.02.26 11:35:25 | 000,085,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.02.26 11:35:25 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.02.26 11:35:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.02.26 11:35:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.02.26 11:35:19 | 000,442,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.02.26 11:35:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.02.26 11:35:19 | 000,072,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.02.26 11:35:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.02.26 11:35:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.02.26 11:35:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.02.26 11:35:17 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.02.26 11:35:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.02.26 11:35:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.02.26 11:35:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.02.26 04:15:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.02.26 03:07:07 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.02.26 03:04:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.02.26 02:53:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009.02.26 02:53:10 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.02.26 02:52:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.02.26 02:48:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.02.26 02:47:17 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009.02.26 02:43:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.02.26 02:43:01 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.04.20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006.01.04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
========== LOP Check ==========
 
[2011.12.31 10:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2010.11.22 18:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2010.11.22 17:38:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.11.22 17:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2010.11.22 17:38:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.12.31 10:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro
[2011.05.25 15:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.05.09 13:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.05.09 13:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2012.01.02 21:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2010.05.21 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2009.02.26 03:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent
[2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG Secure Search
[2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG10
[2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\OpenOffice.org
[2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\proDAD
[2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\TomTom
[2012.01.03 20:53:08 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.09 14:14:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Adobe
[2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG Secure Search
[2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG10
[2010.05.13 21:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\CyberLink
[2010.05.13 19:41:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Help
[2010.06.15 16:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\HP
[2011.08.31 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\HpUpdate
[2009.02.26 02:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Identities
[2009.02.26 03:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\InstallShield
[2010.05.09 11:11:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Macromedia
[2011.09.09 13:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Malwarebytes
[2011.09.09 09:48:26 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Microsoft
[2011.09.10 09:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla
[2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\OpenOffice.org
[2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\proDAD
[2009.02.26 03:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Sun
[2011.09.09 13:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\SUPERAntiSpyware.com
[2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\TomTom
[2011.09.12 13:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\U3
 
< %APPDATA%\*.exe /s >
[2011.07.21 11:22:17 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Microsoft\Installer\{069730C2-755A-485B-A205-27A1AAFA836A}\ARPPRODUCTICON.exe
[2006.05.24 12:36:38 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\U3\temp\cleanup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.02.26 03:42:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.02.26 03:42:43 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.02.26 03:42:43 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2

< End of report >
         


Alt 04.01.2012, 16:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
SRV - File not found [Disabled | Stopped] --  -- (Norton Internet Security)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2
:Files
C:\WINDOWS\jestertb.dll
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe

Alt 05.01.2012, 10:37   #7
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



OTL hat einen Reboot gemacht, leider hat sich danach Windows komplett aufgehängt so das ich den PC beim Booten neubooten musste, folgender Log kamdann:
Code:
ATTFilter
All processes killed
========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.
File E:\AutoRun.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\WINDOWS\jestertb.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 8024639 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1256858 bytes
 
User: Ludi
->Temp folder emptied: 1096587558 bytes
->Temporary Internet Files folder emptied: 16510736 bytes
->Java cache emptied: 904233 bytes
->FireFox cache emptied: 40785959 bytes
->Flash cache emptied: 470 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 21792647 bytes
%systemroot%\System32\dllcache .tmp files removed: 999424 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13892792 bytes
RecycleBin emptied: 109227633 bytes
 
Total Files Cleaned = 1.249,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01042012_224917

Files\Folders moved on Reboot...
C:\WINDOWS\temp\1ea9eb89 moved successfully.
C:\WINDOWS\temp\7a3e4688 moved successfully.
C:\WINDOWS\temp\aee07271 moved successfully.
C:\WINDOWS\temp\e441a9f3 moved successfully.

Registry entries deleted on Reboot...
         

Alt 05.01.2012, 12:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.01.2012, 13:41   #9
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Scan ohne zu löschen ausgeführt, Log ist hier:
Code:
ATTFilter
14:38:06.0562 3744	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:38:08.0343 3744	============================================================
14:38:08.0343 3744	Current date / time: 2012/01/05 14:38:08.0343
14:38:08.0343 3744	SystemInfo:
14:38:08.0343 3744	
14:38:08.0343 3744	OS Version: 5.1.2600 ServicePack: 3.0
14:38:08.0343 3744	Product type: Workstation
14:38:08.0343 3744	ComputerName: LUFIFESKTOP
14:38:08.0343 3744	UserName: Ludi
14:38:08.0343 3744	Windows directory: C:\WINDOWS
14:38:08.0343 3744	System windows directory: C:\WINDOWS
14:38:08.0343 3744	Processor architecture: Intel x86
14:38:08.0343 3744	Number of processors: 2
14:38:08.0343 3744	Page size: 0x1000
14:38:08.0343 3744	Boot type: Normal boot
14:38:08.0343 3744	============================================================
14:38:10.0203 3744	Initialize success
14:38:28.0625 2332	============================================================
14:38:28.0625 2332	Scan started
14:38:28.0625 2332	Mode: Manual; SigCheck; TDLFS; 
14:38:28.0625 2332	============================================================
14:38:28.0921 2332	Abiosdsk - ok
14:38:28.0984 2332	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:38:29.0296 2332	abp480n5 - ok
14:38:29.0421 2332	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:38:29.0656 2332	ACPI - ok
14:38:29.0687 2332	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:38:29.0890 2332	ACPIEC - ok
14:38:30.0046 2332	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:38:30.0265 2332	adpu160m - ok
14:38:30.0312 2332	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:38:30.0531 2332	aec - ok
14:38:30.0890 2332	AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:38:30.0906 2332	AegisP ( UnsignedFile.Multi.Generic ) - warning
14:38:30.0906 2332	AegisP - detected UnsignedFile.Multi.Generic (1)
14:38:31.0078 2332	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:38:31.0203 2332	AFD - ok
14:38:31.0250 2332	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:38:31.0453 2332	agp440 - ok
14:38:31.0578 2332	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:38:31.0796 2332	agpCPQ - ok
14:38:31.0812 2332	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:38:31.0906 2332	Aha154x - ok
14:38:31.0937 2332	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:38:32.0156 2332	aic78u2 - ok
14:38:32.0281 2332	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:38:32.0515 2332	aic78xx - ok
14:38:32.0546 2332	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:38:32.0765 2332	AliIde - ok
14:38:32.0781 2332	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:38:33.0000 2332	alim1541 - ok
14:38:33.0187 2332	Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
14:38:33.0312 2332	Ambfilt - ok
14:38:33.0453 2332	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:38:33.0687 2332	amdagp - ok
14:38:33.0718 2332	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:38:33.0812 2332	amsint - ok
14:38:33.0968 2332	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:38:34.0187 2332	asc - ok
14:38:34.0218 2332	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:38:34.0328 2332	asc3350p - ok
14:38:34.0468 2332	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:38:34.0703 2332	asc3550 - ok
14:38:34.0750 2332	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:38:34.0953 2332	AsyncMac - ok
14:38:35.0000 2332	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:38:35.0281 2332	atapi - ok
14:38:35.0390 2332	Atdisk - ok
14:38:35.0453 2332	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:38:35.0781 2332	Atmarpc - ok
14:38:35.0953 2332	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:38:36.0156 2332	audstub - ok
14:38:36.0234 2332	AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
14:38:36.0312 2332	AVGIDSDriver - ok
14:38:36.0375 2332	AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:38:36.0390 2332	AVGIDSEH - ok
14:38:36.0531 2332	AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
14:38:36.0546 2332	AVGIDSFilter - ok
14:38:36.0609 2332	AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
14:38:36.0656 2332	AVGIDSShim - ok
14:38:36.0718 2332	Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:38:36.0750 2332	Avgldx86 - ok
14:38:36.0875 2332	Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:38:36.0906 2332	Avgmfx86 - ok
14:38:36.0921 2332	Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:38:36.0953 2332	Avgrkx86 - ok
14:38:37.0000 2332	Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:38:37.0031 2332	Avgtdix - ok
14:38:37.0109 2332	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:38:37.0312 2332	Beep - ok
14:38:37.0468 2332	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:38:37.0687 2332	cbidf - ok
14:38:37.0703 2332	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:38:37.0921 2332	cbidf2k - ok
14:38:37.0953 2332	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:38:38.0171 2332	CCDECODE - ok
14:38:38.0312 2332	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:38:38.0421 2332	cd20xrnt - ok
14:38:38.0468 2332	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:38:38.0671 2332	Cdaudio - ok
14:38:38.0828 2332	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:38:39.0062 2332	Cdfs - ok
14:38:39.0109 2332	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:38:39.0140 2332	Cdrom - ok
14:38:39.0265 2332	Changer - ok
14:38:39.0328 2332	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:38:39.0546 2332	CmdIde - ok
14:38:39.0593 2332	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:38:39.0812 2332	Cpqarray - ok
14:38:39.0984 2332	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:38:40.0203 2332	dac2w2k - ok
14:38:40.0218 2332	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:38:40.0437 2332	dac960nt - ok
14:38:40.0609 2332	DCamUSBEMPIA    (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
14:38:40.0671 2332	DCamUSBEMPIA - ok
14:38:40.0734 2332	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:38:40.0953 2332	Disk - ok
14:38:41.0140 2332	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:38:41.0406 2332	dmboot - ok
14:38:41.0546 2332	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:38:41.0781 2332	dmio - ok
14:38:41.0812 2332	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:38:42.0031 2332	dmload - ok
14:38:42.0203 2332	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:38:42.0421 2332	DMusic - ok
14:38:42.0468 2332	DNINDIS5        (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
14:38:42.0484 2332	DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning
14:38:42.0484 2332	DNINDIS5 - detected UnsignedFile.Multi.Generic (1)
14:38:42.0656 2332	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:38:42.0875 2332	dpti2o - ok
14:38:42.0921 2332	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:38:43.0125 2332	drmkaud - ok
14:38:43.0312 2332	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:38:43.0546 2332	Fastfat - ok
14:38:43.0609 2332	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:38:43.0875 2332	Fdc - ok
14:38:44.0031 2332	FiltUSBEMPIA    (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
14:38:44.0078 2332	FiltUSBEMPIA - ok
14:38:44.0125 2332	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:38:44.0359 2332	Fips - ok
14:38:44.0515 2332	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:38:44.0734 2332	Flpydisk - ok
14:38:44.0796 2332	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:38:45.0046 2332	FltMgr - ok
14:38:45.0218 2332	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:38:45.0437 2332	Fs_Rec - ok
14:38:45.0453 2332	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:38:45.0687 2332	Ftdisk - ok
14:38:45.0859 2332	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:38:46.0078 2332	Gpc - ok
14:38:46.0125 2332	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:38:46.0375 2332	HDAudBus - ok
14:38:46.0546 2332	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:38:46.0765 2332	hidusb - ok
14:38:46.0796 2332	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:38:47.0015 2332	hpn - ok
14:38:47.0171 2332	HPZid412        (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:38:47.0234 2332	HPZid412 - ok
14:38:47.0265 2332	HPZipr12        (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:38:47.0312 2332	HPZipr12 - ok
14:38:47.0468 2332	HPZius12        (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:38:47.0531 2332	HPZius12 - ok
14:38:47.0593 2332	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:38:47.0656 2332	HTTP - ok
14:38:47.0781 2332	hwdatacard - ok
14:38:47.0843 2332	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:38:48.0062 2332	i2omgmt - ok
14:38:48.0078 2332	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:38:48.0312 2332	i2omp - ok
14:38:48.0453 2332	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:38:48.0687 2332	i8042prt - ok
14:38:48.0921 2332	ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:38:49.0218 2332	ialm - ok
14:38:49.0406 2332	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:38:49.0625 2332	Imapi - ok
14:38:49.0687 2332	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:38:49.0921 2332	ini910u - ok
14:38:50.0093 2332	int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys
14:38:50.0125 2332	int15 - ok
14:38:50.0140 2332	int15.sys - ok
14:38:50.0328 2332	IntcAzAudAddService (f9bb9063a6557098dbaf7396e026c922) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:38:50.0593 2332	IntcAzAudAddService - ok
14:38:50.0750 2332	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:38:51.0000 2332	IntelIde - ok
14:38:51.0250 2332	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:38:51.0468 2332	intelppm - ok
14:38:51.0500 2332	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:38:51.0718 2332	Ip6Fw - ok
14:38:51.0859 2332	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:38:52.0078 2332	IpFilterDriver - ok
14:38:52.0109 2332	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:38:52.0343 2332	IpInIp - ok
14:38:52.0515 2332	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:38:52.0734 2332	IpNat - ok
14:38:52.0750 2332	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:38:52.0968 2332	IPSec - ok
14:38:53.0000 2332	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:38:53.0109 2332	IRENUM - ok
14:38:53.0281 2332	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:38:53.0484 2332	isapnp - ok
14:38:53.0515 2332	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:38:53.0734 2332	Kbdclass - ok
14:38:53.0781 2332	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:38:54.0000 2332	kbdhid - ok
14:38:54.0187 2332	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:38:54.0453 2332	kmixer - ok
14:38:54.0500 2332	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:38:54.0546 2332	KSecDD - ok
14:38:54.0671 2332	lbrtfdc - ok
14:38:54.0781 2332	MarvinBus       (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
14:38:54.0812 2332	MarvinBus ( UnsignedFile.Multi.Generic ) - warning
14:38:54.0812 2332	MarvinBus - detected UnsignedFile.Multi.Generic (1)
14:38:55.0093 2332	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:38:55.0359 2332	mnmdd - ok
14:38:55.0687 2332	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:38:55.0953 2332	Modem - ok
14:38:56.0468 2332	Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
14:38:56.0625 2332	Monfilt - ok
14:38:56.0968 2332	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:38:57.0203 2332	Mouclass - ok
14:38:57.0312 2332	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:38:57.0531 2332	mouhid - ok
14:38:57.0593 2332	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:38:57.0812 2332	MountMgr - ok
14:38:57.0906 2332	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:38:58.0125 2332	MPE - ok
14:38:58.0171 2332	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:38:58.0406 2332	mraid35x - ok
14:38:58.0468 2332	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:38:58.0687 2332	MRxDAV - ok
14:38:58.0734 2332	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:38:58.0796 2332	MRxSmb - ok
14:38:58.0921 2332	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:38:59.0156 2332	Msfs - ok
14:38:59.0187 2332	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:38:59.0406 2332	MSKSSRV - ok
14:38:59.0500 2332	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:38:59.0718 2332	MSPCLOCK - ok
14:38:59.0734 2332	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:38:59.0968 2332	MSPQM - ok
14:39:00.0140 2332	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:39:00.0343 2332	mssmbios - ok
14:39:00.0390 2332	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:39:00.0609 2332	MSTEE - ok
14:39:00.0781 2332	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:39:00.0828 2332	Mup - ok
14:39:00.0875 2332	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:39:01.0093 2332	NABTSFEC - ok
14:39:01.0171 2332	NAVENG - ok
14:39:01.0171 2332	NAVEX15 - ok
14:39:01.0343 2332	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:39:01.0843 2332	NDIS - ok
14:39:02.0000 2332	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:39:02.0218 2332	NdisIP - ok
14:39:02.0250 2332	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:39:02.0296 2332	NdisTapi - ok
14:39:02.0468 2332	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:39:02.0703 2332	Ndisuio - ok
14:39:02.0765 2332	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:39:02.0968 2332	NdisWan - ok
14:39:03.0265 2332	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:39:03.0343 2332	NDProxy - ok
14:39:03.0515 2332	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:39:03.0734 2332	NetBIOS - ok
14:39:03.0781 2332	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:39:03.0984 2332	NetBT - ok
14:39:04.0031 2332	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:39:04.0281 2332	Npfs - ok
14:39:04.0468 2332	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:39:04.0687 2332	Ntfs - ok
14:39:04.0750 2332	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:39:04.0953 2332	Null - ok
14:39:05.0093 2332	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:39:05.0328 2332	NwlnkFlt - ok
14:39:05.0343 2332	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:39:05.0562 2332	NwlnkFwd - ok
14:39:05.0609 2332	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:39:05.0859 2332	Parport - ok
14:39:06.0031 2332	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:39:06.0250 2332	PartMgr - ok
14:39:06.0296 2332	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:39:06.0531 2332	ParVdm - ok
14:39:06.0781 2332	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:39:07.0015 2332	PCI - ok
14:39:07.0015 2332	PCIDump - ok
14:39:07.0031 2332	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:39:07.0250 2332	PCIIde - ok
14:39:07.0312 2332	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:39:07.0531 2332	Pcmcia - ok
14:39:07.0656 2332	PDCOMP - ok
14:39:07.0671 2332	PDFRAME - ok
14:39:07.0687 2332	PDRELI - ok
14:39:07.0703 2332	PDRFRAME - ok
14:39:07.0765 2332	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:39:07.0984 2332	perc2 - ok
14:39:08.0015 2332	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:39:08.0234 2332	perc2hib - ok
14:39:08.0453 2332	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:39:08.0671 2332	PptpMiniport - ok
14:39:08.0687 2332	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:39:08.0921 2332	PSched - ok
14:39:08.0921 2332	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:39:09.0156 2332	Ptilink - ok
14:39:09.0312 2332	PxHelp20        (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:39:09.0343 2332	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:39:09.0343 2332	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:39:09.0406 2332	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:39:09.0609 2332	ql1080 - ok
14:39:09.0890 2332	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:39:10.0265 2332	Ql10wnt - ok
14:39:10.0453 2332	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:39:10.0750 2332	ql12160 - ok
14:39:10.0765 2332	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:39:11.0062 2332	ql1240 - ok
14:39:11.0343 2332	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:39:11.0984 2332	ql1280 - ok
14:39:12.0062 2332	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:39:12.0390 2332	RasAcd - ok
14:39:12.0578 2332	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:39:12.0937 2332	Rasl2tp - ok
14:39:12.0968 2332	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:39:13.0328 2332	RasPppoe - ok
14:39:13.0500 2332	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:39:14.0281 2332	Raspti - ok
14:39:14.0546 2332	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:39:14.0796 2332	Rdbss - ok
14:39:14.0968 2332	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:39:15.0187 2332	RDPCDD - ok
14:39:15.0234 2332	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:39:15.0453 2332	rdpdr - ok
14:39:15.0640 2332	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:39:15.0734 2332	RDPWD - ok
14:39:15.0906 2332	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:39:16.0125 2332	redbook - ok
14:39:16.0218 2332	RTLE8023xp      (20f8e21af426bf61881981452b3c3370) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:39:16.0312 2332	RTLE8023xp - ok
14:39:16.0468 2332	SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
14:39:16.0500 2332	SASDIFSV - ok
14:39:16.0531 2332	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
14:39:16.0562 2332	SASKUTIL - ok
14:39:16.0718 2332	ScanUSBEMPIA    (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
14:39:16.0765 2332	ScanUSBEMPIA - ok
14:39:16.0828 2332	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:39:16.0953 2332	Secdrv - ok
14:39:17.0078 2332	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:39:17.0296 2332	serenum - ok
14:39:17.0328 2332	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:39:17.0562 2332	Serial - ok
14:39:17.0656 2332	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:39:17.0906 2332	Sfloppy - ok
14:39:18.0046 2332	Simbad - ok
14:39:18.0140 2332	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:39:18.0375 2332	sisagp - ok
14:39:18.0718 2332	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:39:18.0968 2332	SLIP - ok
14:39:19.0156 2332	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:39:19.0984 2332	SONYPVU1 - ok
14:39:20.0093 2332	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:39:20.0218 2332	Sparrow - ok
14:39:20.0265 2332	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:39:20.0468 2332	splitter - ok
14:39:20.0593 2332	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:39:20.0750 2332	sr - ok
14:39:20.0875 2332	SRTSP - ok
14:39:20.0890 2332	SRTSPX - ok
14:39:20.0968 2332	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:39:21.0046 2332	Srv - ok
14:39:21.0218 2332	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:39:21.0437 2332	streamip - ok
14:39:21.0484 2332	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:39:21.0703 2332	swenum - ok
14:39:21.0843 2332	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:39:22.0078 2332	swmidi - ok
14:39:22.0140 2332	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:39:22.0343 2332	symc810 - ok
14:39:22.0593 2332	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:39:22.0812 2332	symc8xx - ok
14:39:22.0859 2332	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:39:23.0078 2332	sym_hi - ok
14:39:23.0218 2332	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:39:23.0421 2332	sym_u3 - ok
14:39:23.0468 2332	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:39:23.0703 2332	sysaudio - ok
14:39:23.0890 2332	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:39:23.0968 2332	Tcpip - ok
14:39:24.0000 2332	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:39:24.0203 2332	TDPIPE - ok
14:39:24.0328 2332	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:39:24.0546 2332	TDTCP - ok
14:39:24.0578 2332	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:39:24.0781 2332	TermDD - ok
14:39:24.0859 2332	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
14:39:25.0062 2332	TosIde - ok
14:39:25.0218 2332	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:39:25.0453 2332	Udfs - ok
14:39:25.0500 2332	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:39:25.0609 2332	ultra - ok
14:39:25.0750 2332	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:39:25.0968 2332	Update - ok
14:39:26.0031 2332	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:39:26.0265 2332	usbaudio - ok
14:39:26.0437 2332	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:39:26.0656 2332	usbccgp - ok
14:39:26.0703 2332	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:39:26.0937 2332	usbehci - ok
14:39:27.0046 2332	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:39:27.0265 2332	usbhub - ok
14:39:27.0359 2332	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:39:27.0593 2332	usbprint - ok
14:39:27.0640 2332	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:39:27.0859 2332	usbscan - ok
14:39:27.0953 2332	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:39:28.0171 2332	USBSTOR - ok
14:39:28.0359 2332	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:39:28.0593 2332	usbuhci - ok
14:39:28.0609 2332	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:39:28.0828 2332	VgaSave - ok
14:39:28.0859 2332	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:39:29.0078 2332	viaagp - ok
14:39:29.0234 2332	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:39:29.0453 2332	ViaIde - ok
14:39:29.0484 2332	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:39:29.0703 2332	VolSnap - ok
14:39:29.0937 2332	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:39:30.0156 2332	Wanarp - ok
14:39:30.0156 2332	WDICA - ok
14:39:30.0203 2332	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:39:30.0421 2332	wdmaud - ok
14:39:30.0625 2332	WPN111 - ok
14:39:30.0703 2332	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:39:30.0890 2332	WS2IFSL - ok
14:39:31.0125 2332	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:39:31.0343 2332	WSTCODEC - ok
14:39:31.0390 2332	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:39:31.0453 2332	WudfPf - ok
14:39:31.0609 2332	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:39:31.0671 2332	WudfRd - ok
14:39:31.0703 2332	xcpip - ok
14:39:31.0718 2332	xpsec - ok
14:39:31.0781 2332	MBR (0x1B8)     (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0
14:39:31.0781 2332	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
14:39:31.0781 2332	\Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
14:39:31.0921 2332	Boot (0x1200)   (0d6367f75c725cbc0527cd41a14a9f16) \Device\Harddisk0\DR0\Partition0
14:39:31.0921 2332	\Device\Harddisk0\DR0\Partition0 - ok
14:39:31.0921 2332	============================================================
14:39:31.0921 2332	Scan finished
14:39:31.0921 2332	============================================================
14:39:32.0046 2124	Detected object count: 5
14:39:32.0046 2124	Actual detected object count: 5
14:39:48.0203 2124	AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:39:48.0203 2124	AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:39:48.0203 2124	DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:39:48.0203 2124	DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:39:48.0203 2124	MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
14:39:48.0203 2124	MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:39:48.0218 2124	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:39:48.0218 2124	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:39:48.0218 2124	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
14:39:48.0218 2124	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip
         

Alt 05.01.2012, 14:35   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Zitat:
14:39:48.0218 2124 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
14:39:48.0218 2124 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip
Sinowal bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.01.2012, 18:32   #11
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Neugestartet und neuen Log erstellt.

Code:
ATTFilter
19:29:31.0375 3960	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:29:33.0390 3960	============================================================
19:29:33.0390 3960	Current date / time: 2012/01/05 19:29:33.0390
19:29:33.0390 3960	SystemInfo:
19:29:33.0390 3960	
19:29:33.0390 3960	OS Version: 5.1.2600 ServicePack: 3.0
19:29:33.0390 3960	Product type: Workstation
19:29:33.0609 3960	ComputerName: LUFIFESKTOP
19:29:33.0609 3960	UserName: Ludi
19:29:33.0609 3960	Windows directory: C:\WINDOWS
19:29:33.0609 3960	System windows directory: C:\WINDOWS
19:29:33.0609 3960	Processor architecture: Intel x86
19:29:33.0609 3960	Number of processors: 2
19:29:33.0609 3960	Page size: 0x1000
19:29:33.0609 3960	Boot type: Normal boot
19:29:33.0609 3960	============================================================
19:29:35.0953 3960	Initialize success
19:29:52.0921 1824	============================================================
19:29:52.0921 1824	Scan started
19:29:52.0921 1824	Mode: Manual; SigCheck; TDLFS; 
19:29:52.0921 1824	============================================================
19:29:54.0312 1824	Abiosdsk - ok
19:29:54.0843 1824	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:30:01.0171 1824	abp480n5 - ok
19:30:01.0468 1824	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:30:01.0953 1824	ACPI - ok
19:30:02.0406 1824	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:30:02.0812 1824	ACPIEC - ok
19:30:03.0171 1824	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:30:03.0625 1824	adpu160m - ok
19:30:03.0906 1824	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:30:04.0218 1824	aec - ok
19:30:04.0421 1824	AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:30:04.0453 1824	AegisP ( UnsignedFile.Multi.Generic ) - warning
19:30:04.0453 1824	AegisP - detected UnsignedFile.Multi.Generic (1)
19:30:04.0578 1824	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:30:04.0656 1824	AFD - ok
19:30:04.0718 1824	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:30:04.0937 1824	agp440 - ok
19:30:05.0046 1824	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:30:05.0265 1824	agpCPQ - ok
19:30:05.0312 1824	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:30:05.0421 1824	Aha154x - ok
19:30:05.0453 1824	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:30:05.0718 1824	aic78u2 - ok
19:30:05.0968 1824	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:30:06.0187 1824	aic78xx - ok
19:30:06.0250 1824	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
19:30:06.0453 1824	AliIde - ok
19:30:06.0562 1824	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:30:06.0812 1824	alim1541 - ok
19:30:06.0890 1824	Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:30:07.0062 1824	Ambfilt - ok
19:30:07.0203 1824	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:30:07.0515 1824	amdagp - ok
19:30:07.0656 1824	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
19:30:07.0781 1824	amsint - ok
19:30:07.0812 1824	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
19:30:08.0078 1824	asc - ok
19:30:08.0218 1824	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:30:08.0343 1824	asc3350p - ok
19:30:08.0359 1824	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:30:09.0031 1824	asc3550 - ok
19:30:09.0468 1824	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:30:09.0875 1824	AsyncMac - ok
19:30:10.0093 1824	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:30:10.0390 1824	atapi - ok
19:30:10.0687 1824	Atdisk - ok
19:30:11.0046 1824	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:30:11.0453 1824	Atmarpc - ok
19:30:11.0640 1824	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:30:11.0968 1824	audstub - ok
19:30:12.0203 1824	AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:30:12.0531 1824	AVGIDSDriver - ok
19:30:12.0734 1824	AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:30:12.0781 1824	AVGIDSEH - ok
19:30:12.0796 1824	AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:30:12.0843 1824	AVGIDSFilter - ok
19:30:13.0078 1824	AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:30:13.0125 1824	AVGIDSShim - ok
19:30:13.0312 1824	Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:30:13.0359 1824	Avgldx86 - ok
19:30:13.0515 1824	Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:30:13.0562 1824	Avgmfx86 - ok
19:30:13.0578 1824	Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:30:13.0640 1824	Avgrkx86 - ok
19:30:13.0703 1824	Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:30:13.0750 1824	Avgtdix - ok
19:30:13.0859 1824	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:30:14.0203 1824	Beep - ok
19:30:14.0437 1824	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:30:14.0812 1824	cbidf - ok
19:30:14.0984 1824	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:30:15.0281 1824	cbidf2k - ok
19:30:15.0453 1824	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:30:15.0671 1824	CCDECODE - ok
19:30:15.0703 1824	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:30:15.0859 1824	cd20xrnt - ok
19:30:16.0015 1824	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:30:16.0281 1824	Cdaudio - ok
19:30:16.0343 1824	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:30:16.0593 1824	Cdfs - ok
19:30:16.0765 1824	Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:30:16.0875 1824	Cdrom - ok
19:30:17.0000 1824	Changer - ok
19:30:17.0062 1824	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:30:17.0328 1824	CmdIde - ok
19:30:17.0484 1824	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:30:17.0718 1824	Cpqarray - ok
19:30:17.0750 1824	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:30:17.0984 1824	dac2w2k - ok
19:30:18.0140 1824	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:30:18.0406 1824	dac960nt - ok
19:30:18.0453 1824	DCamUSBEMPIA    (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
19:30:18.0546 1824	DCamUSBEMPIA - ok
19:30:18.0734 1824	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:30:19.0000 1824	Disk - ok
19:30:19.0062 1824	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:30:19.0375 1824	dmboot - ok
19:30:19.0484 1824	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:30:19.0750 1824	dmio - ok
19:30:19.0765 1824	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:30:20.0062 1824	dmload - ok
19:30:20.0093 1824	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:30:20.0328 1824	DMusic - ok
19:30:20.0500 1824	DNINDIS5        (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
19:30:20.0515 1824	DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning
19:30:20.0515 1824	DNINDIS5 - detected UnsignedFile.Multi.Generic (1)
19:30:20.0609 1824	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:30:20.0859 1824	dpti2o - ok
19:30:20.0984 1824	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:30:21.0203 1824	drmkaud - ok
19:30:21.0296 1824	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:30:21.0515 1824	Fastfat - ok
19:30:21.0687 1824	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:30:21.0937 1824	Fdc - ok
19:30:21.0968 1824	FiltUSBEMPIA    (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
19:30:22.0031 1824	FiltUSBEMPIA - ok
19:30:22.0203 1824	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:30:22.0421 1824	Fips - ok
19:30:22.0484 1824	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:30:22.0734 1824	Flpydisk - ok
19:30:22.0890 1824	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:30:23.0125 1824	FltMgr - ok
19:30:23.0171 1824	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:30:23.0406 1824	Fs_Rec - ok
19:30:23.0640 1824	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:30:23.0906 1824	Ftdisk - ok
19:30:24.0078 1824	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:30:24.0328 1824	Gpc - ok
19:30:24.0375 1824	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:30:24.0609 1824	HDAudBus - ok
19:30:24.0750 1824	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:30:24.0968 1824	hidusb - ok
19:30:25.0015 1824	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
19:30:25.0234 1824	hpn - ok
19:30:25.0390 1824	HPZid412        (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:30:25.0484 1824	HPZid412 - ok
19:30:25.0781 1824	HPZipr12        (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:30:25.0906 1824	HPZipr12 - ok
19:30:26.0062 1824	HPZius12        (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:30:26.0140 1824	HPZius12 - ok
19:30:26.0296 1824	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:30:26.0421 1824	HTTP - ok
19:30:26.0531 1824	hwdatacard - ok
19:30:26.0609 1824	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
19:30:26.0843 1824	i2omgmt - ok
19:30:26.0875 1824	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:30:27.0093 1824	i2omp - ok
19:30:27.0250 1824	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:30:27.0468 1824	i8042prt - ok
19:30:27.0687 1824	ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:30:28.0078 1824	ialm - ok
19:30:28.0265 1824	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:30:28.0500 1824	Imapi - ok
19:30:28.0562 1824	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:30:28.0796 1824	ini910u - ok
19:30:28.0968 1824	int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys
19:30:29.0000 1824	int15 - ok
19:30:29.0000 1824	int15.sys - ok
19:30:29.0218 1824	IntcAzAudAddService (f9bb9063a6557098dbaf7396e026c922) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:30:29.0484 1824	IntcAzAudAddService - ok
19:30:29.0640 1824	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:30:29.0875 1824	IntelIde - ok
19:30:29.0906 1824	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:30:30.0140 1824	intelppm - ok
19:30:30.0281 1824	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:30:30.0500 1824	Ip6Fw - ok
19:30:30.0531 1824	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:30:30.0750 1824	IpFilterDriver - ok
19:30:30.0890 1824	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:30:31.0109 1824	IpInIp - ok
19:30:31.0156 1824	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:30:31.0390 1824	IpNat - ok
19:30:31.0578 1824	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:30:31.0796 1824	IPSec - ok
19:30:31.0812 1824	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:30:31.0937 1824	IRENUM - ok
19:30:32.0109 1824	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:30:32.0312 1824	isapnp - ok
19:30:32.0328 1824	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:30:32.0562 1824	Kbdclass - ok
19:30:32.0734 1824	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:30:32.0953 1824	kbdhid - ok
19:30:33.0015 1824	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:30:33.0218 1824	kmixer - ok
19:30:33.0406 1824	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:30:33.0484 1824	KSecDD - ok
19:30:33.0656 1824	lbrtfdc - ok
19:30:33.0781 1824	MarvinBus       (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
19:30:33.0812 1824	MarvinBus ( UnsignedFile.Multi.Generic ) - warning
19:30:33.0812 1824	MarvinBus - detected UnsignedFile.Multi.Generic (1)
19:30:34.0000 1824	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:30:34.0218 1824	mnmdd - ok
19:30:34.0234 1824	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:30:34.0468 1824	Modem - ok
19:30:34.0656 1824	Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
19:30:34.0781 1824	Monfilt - ok
19:30:34.0937 1824	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:30:35.0171 1824	Mouclass - ok
19:30:35.0218 1824	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:30:35.0437 1824	mouhid - ok
19:30:35.0593 1824	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:30:35.0828 1824	MountMgr - ok
19:30:35.0859 1824	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
19:30:36.0062 1824	MPE - ok
19:30:36.0218 1824	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:30:36.0437 1824	mraid35x - ok
19:30:36.0468 1824	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:30:36.0671 1824	MRxDAV - ok
19:30:36.0812 1824	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:30:36.0906 1824	MRxSmb - ok
19:30:36.0984 1824	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:30:37.0203 1824	Msfs - ok
19:30:37.0359 1824	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:30:37.0578 1824	MSKSSRV - ok
19:30:37.0593 1824	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:30:37.0828 1824	MSPCLOCK - ok
19:30:37.0843 1824	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:30:38.0062 1824	MSPQM - ok
19:30:38.0234 1824	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:30:38.0437 1824	mssmbios - ok
19:30:38.0593 1824	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:30:38.0828 1824	MSTEE - ok
19:30:39.0000 1824	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:30:39.0046 1824	Mup - ok
19:30:39.0093 1824	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:30:39.0328 1824	NABTSFEC - ok
19:30:39.0406 1824	NAVENG - ok
19:30:39.0406 1824	NAVEX15 - ok
19:30:39.0593 1824	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:30:39.0843 1824	NDIS - ok
19:30:39.0875 1824	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:30:40.0093 1824	NdisIP - ok
19:30:40.0250 1824	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:30:40.0359 1824	NdisTapi - ok
19:30:40.0406 1824	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:30:40.0640 1824	Ndisuio - ok
19:30:40.0812 1824	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:30:41.0031 1824	NdisWan - ok
19:30:41.0093 1824	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:30:41.0156 1824	NDProxy - ok
19:30:41.0343 1824	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:30:41.0562 1824	NetBIOS - ok
19:30:41.0609 1824	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:30:41.0828 1824	NetBT - ok
19:30:42.0046 1824	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:30:42.0265 1824	Npfs - ok
19:30:42.0328 1824	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:30:42.0562 1824	Ntfs - ok
19:30:42.0609 1824	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:30:42.0828 1824	Null - ok
19:30:43.0000 1824	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:30:43.0203 1824	NwlnkFlt - ok
19:30:43.0218 1824	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:30:43.0437 1824	NwlnkFwd - ok
19:30:43.0500 1824	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
19:30:43.0718 1824	Parport - ok
19:30:43.0890 1824	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:30:44.0109 1824	PartMgr - ok
19:30:44.0156 1824	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:30:44.0375 1824	ParVdm - ok
19:30:44.0546 1824	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:30:44.0781 1824	PCI - ok
19:30:44.0781 1824	PCIDump - ok
19:30:44.0796 1824	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:30:45.0015 1824	PCIIde - ok
19:30:45.0062 1824	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:30:45.0281 1824	Pcmcia - ok
19:30:45.0390 1824	PDCOMP - ok
19:30:45.0406 1824	PDFRAME - ok
19:30:45.0421 1824	PDRELI - ok
19:30:45.0437 1824	PDRFRAME - ok
19:30:45.0484 1824	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
19:30:45.0703 1824	perc2 - ok
19:30:45.0734 1824	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:30:45.0953 1824	perc2hib - ok
19:30:46.0171 1824	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:30:46.0375 1824	PptpMiniport - ok
19:30:46.0390 1824	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:30:46.0625 1824	PSched - ok
19:30:46.0656 1824	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:30:46.0875 1824	Ptilink - ok
19:30:47.0000 1824	PxHelp20        (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:30:47.0031 1824	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:30:47.0031 1824	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:30:47.0093 1824	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:30:47.0312 1824	ql1080 - ok
19:30:47.0484 1824	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:30:47.0703 1824	Ql10wnt - ok
19:30:47.0750 1824	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:30:47.0953 1824	ql12160 - ok
19:30:48.0109 1824	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:30:48.0328 1824	ql1240 - ok
19:30:48.0359 1824	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:30:48.0562 1824	ql1280 - ok
19:30:48.0609 1824	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:30:48.0812 1824	RasAcd - ok
19:30:49.0000 1824	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:30:49.0234 1824	Rasl2tp - ok
19:30:49.0250 1824	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:30:49.0468 1824	RasPppoe - ok
19:30:49.0468 1824	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:30:49.0687 1824	Raspti - ok
19:30:49.0718 1824	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:30:49.0953 1824	Rdbss - ok
19:30:50.0125 1824	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:30:50.0328 1824	RDPCDD - ok
19:30:50.0390 1824	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:30:50.0640 1824	rdpdr - ok
19:30:50.0812 1824	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:30:50.0906 1824	RDPWD - ok
19:30:51.0078 1824	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:30:51.0296 1824	redbook - ok
19:30:51.0406 1824	RTLE8023xp      (20f8e21af426bf61881981452b3c3370) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:30:51.0500 1824	RTLE8023xp - ok
19:30:51.0640 1824	SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
19:30:51.0671 1824	SASDIFSV - ok
19:30:51.0687 1824	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
19:30:51.0718 1824	SASKUTIL - ok
19:30:51.0875 1824	ScanUSBEMPIA    (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
19:30:51.0921 1824	ScanUSBEMPIA - ok
19:30:52.0000 1824	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:30:52.0109 1824	Secdrv - ok
19:30:52.0234 1824	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:30:52.0453 1824	serenum - ok
19:30:52.0484 1824	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
19:30:52.0703 1824	Serial - ok
19:30:52.0781 1824	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:30:53.0000 1824	Sfloppy - ok
19:30:53.0125 1824	Simbad - ok
19:30:53.0203 1824	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:30:53.0421 1824	sisagp - ok
19:30:53.0453 1824	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:30:53.0687 1824	SLIP - ok
19:30:53.0843 1824	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:30:54.0046 1824	SONYPVU1 - ok
19:30:54.0109 1824	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:30:54.0234 1824	Sparrow - ok
19:30:54.0343 1824	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:30:54.0546 1824	splitter - ok
19:30:54.0609 1824	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:30:54.0734 1824	sr - ok
19:30:54.0859 1824	SRTSP - ok
19:30:54.0875 1824	SRTSPX - ok
19:30:54.0953 1824	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:30:55.0046 1824	Srv - ok
19:30:55.0218 1824	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:30:55.0500 1824	streamip - ok
19:30:55.0546 1824	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:30:55.0781 1824	swenum - ok
19:30:55.0906 1824	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:30:56.0125 1824	swmidi - ok
19:30:56.0156 1824	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:30:56.0375 1824	symc810 - ok
19:30:56.0421 1824	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:30:56.0640 1824	symc8xx - ok
19:30:56.0828 1824	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:30:57.0031 1824	sym_hi - ok
19:30:57.0078 1824	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:30:57.0296 1824	sym_u3 - ok
19:30:57.0453 1824	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:30:57.0671 1824	sysaudio - ok
19:30:57.0750 1824	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:30:57.0859 1824	Tcpip - ok
19:30:58.0031 1824	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:30:58.0250 1824	TDPIPE - ok
19:30:58.0296 1824	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:30:58.0531 1824	TDTCP - ok
19:30:58.0734 1824	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:30:58.0953 1824	TermDD - ok
19:30:59.0046 1824	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
19:30:59.0250 1824	TosIde - ok
19:30:59.0421 1824	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:30:59.0640 1824	Udfs - ok
19:30:59.0671 1824	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:30:59.0781 1824	ultra - ok
19:30:59.0953 1824	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:31:00.0187 1824	Update - ok
19:31:00.0250 1824	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:31:00.0468 1824	usbaudio - ok
19:31:00.0609 1824	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:31:00.0828 1824	usbccgp - ok
19:31:00.0890 1824	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:31:01.0109 1824	usbehci - ok
19:31:01.0234 1824	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:31:01.0453 1824	usbhub - ok
19:31:01.0500 1824	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:31:01.0718 1824	usbprint - ok
19:31:01.0875 1824	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:31:02.0078 1824	usbscan - ok
19:31:02.0125 1824	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:31:02.0359 1824	USBSTOR - ok
19:31:02.0515 1824	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:31:02.0718 1824	usbuhci - ok
19:31:02.0765 1824	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:31:02.0968 1824	VgaSave - ok
19:31:03.0140 1824	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:31:03.0343 1824	viaagp - ok
19:31:03.0359 1824	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:31:03.0593 1824	ViaIde - ok
19:31:03.0750 1824	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:31:03.0968 1824	VolSnap - ok
19:31:04.0015 1824	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:31:04.0234 1824	Wanarp - ok
19:31:04.0343 1824	WDICA - ok
19:31:04.0421 1824	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:31:04.0640 1824	wdmaud - ok
19:31:04.0718 1824	WPN111 - ok
19:31:04.0765 1824	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:31:04.0968 1824	WS2IFSL - ok
19:31:05.0140 1824	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:31:05.0359 1824	WSTCODEC - ok
19:31:05.0421 1824	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:31:05.0484 1824	WudfPf - ok
19:31:05.0640 1824	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:31:05.0687 1824	WudfRd - ok
19:31:05.0718 1824	xcpip - ok
19:31:05.0734 1824	xpsec - ok
19:31:05.0796 1824	MBR (0x1B8)     (ea228d2d5aad83b7544d12986bdf25a2) \Device\Harddisk0\DR0
19:31:07.0890 1824	\Device\Harddisk0\DR0 - ok
19:31:07.0921 1824	Boot (0x1200)   (0d6367f75c725cbc0527cd41a14a9f16) \Device\Harddisk0\DR0\Partition0
19:31:07.0921 1824	\Device\Harddisk0\DR0\Partition0 - ok
19:31:07.0921 1824	============================================================
19:31:07.0921 1824	Scan finished
19:31:07.0921 1824	============================================================
19:31:08.0046 1960	Detected object count: 4
19:31:08.0046 1960	Actual detected object count: 4
19:31:13.0203 1960	AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:13.0203 1960	AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:31:13.0203 1960	DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:13.0218 1960	DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:31:13.0218 1960	MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:13.0218 1960	MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:31:13.0218 1960	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:31:13.0218 1960	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 05.01.2012, 20:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.01.2012, 23:19   #13
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Hier nun das Ergebnis von ComboFix:
Code:
ATTFilter
ComboFix 12-01-05.02 - Ludi 06.01.2012   0:01.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.424 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Ludi\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-05 bis 2012-01-05  ))))))))))))))))))))))))))))))
.
.
2012-01-04 21:49 . 2012-01-04 21:49	--------	d-----w-	C:\_OTL
2012-01-02 20:53 . 2012-01-02 20:53	--------	d-----w-	c:\programme\ESET
2011-12-31 13:26 . 2011-12-31 13:26	--------	d-----w-	c:\dokumente und einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2011-12-31 12:20 . 2012-01-02 20:56	--------	d-----w-	c:\programme\PC Tools Security
2011-12-31 12:17 . 2012-01-02 20:54	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2011-12-31 09:54 . 2011-12-31 09:54	23624	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2011-12-31 09:54 . 2011-12-31 09:54	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hitman Pro
2011-12-31 09:50 . 2011-12-31 09:50	--------	d-----w-	c:\dokumente und einstellungen\Ludi\Anwendungsdaten\AVG Secure Search
2011-12-31 09:45 . 2011-12-31 09:45	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Secure Search
2011-12-31 09:45 . 2011-12-31 09:45	--------	d-----w-	c:\programme\Gemeinsame Dateien\AVG Secure Search
2011-12-31 09:45 . 2011-12-31 09:45	--------	d-----w-	c:\programme\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-09-09 12:08	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-23 14:40 . 2009-02-26 10:35	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2009-02-26 10:35	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2009-02-26 10:35	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2009-02-26 10:35	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-02-26 10:35	385024	----a-w-	c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-02-26 10:35	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-02-26 10:35	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30	2029568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2009-02-26 10:35	186880	----a-w-	c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-02-26 01:48	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-09-03 06:18 . 2011-09-10 08:32	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-20 18085888]
"UpdatePSTShortCut"="c:\programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"vProt"="c:\programme\AVG Secure Search\vprot.exe" [2011-12-31 827232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\F1U201.401.lnk
backup=c:\windows\pss\F1U201.401.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk
backup=c:\windows\pss\HP Photosmart Premier – Schnellstart.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-02-20 07:45	57344	----a-w-	c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-12-24 10:29	103720	------w-	c:\programme\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-12 09:26	166424	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-12 09:25	141848	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00	208952	----a-w-	c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17	52256	----a-w-	c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52	1695232	----a-w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00	59392	----a-w-	c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-12 09:26	137752	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00	455168	----a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00	455168	----a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
1999-03-14 22:00	37376	----a-w-	c:\programme\Microsoft Money\System\REMINDER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01	71216	------w-	c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-08-12 21:37	4603264	----a-w-	c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21	247728	----a-w-	c:\programme\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 11:31	81920	----a-w-	c:\windows\system32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-11-04 05:19	57344	----a-w-	c:\programme\eMachines\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WTGService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"RichVideo"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PCLEPCI"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Norton Internet Security"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"GameConsoleService"=3 (0x3)
"ETService"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 22:55 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 01:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 vToolbarUpdater;vToolbarUpdater;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [31.12.2011 10:45 855904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.02.2009 03:01 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [25.05.2011 15:53 167264]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10.05.2010 17:15 17149]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 20:37 4640000]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 00:38 116608]
S4 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [09.05.2010 10:46 24576]
S4 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 13:21 92592]
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-05 c:\windows\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\dokumente und einstellungen\Ludi\Anwendungsdaten\Mozilla\Firefox\Profiles\az320fnm.default\
FF - prefs.js: browser.startup.homepage - about:blank|hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 00:12
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)
@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Zeit der Fertigstellung: 2012-01-06  00:16:07
ComboFix-quarantined-files.txt  2012-01-05 23:16
.
Vor Suchlauf: 15 Verzeichnis(se), 103.857.537.024 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 103.957.307.392 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8F8505799F1922BEE3CF119F517DC0E7
         

Alt 06.01.2012, 13:10   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.01.2012, 13:39   #15
SaschaW
 
Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Standard

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe



Huhu,

Habe ich nun ausgeführt, ich wurde nur nicht zum Neustart aufgefordert, der Log ist hier:
Code:
ATTFilter
ComboFix 12-01-05.04 - Ludi 06.01.2012  14:23:53.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.388 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Ludi\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Ludi\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-04 21:49 . 2012-01-04 21:49	--------	d-----w-	C:\_OTL
2012-01-02 20:53 . 2012-01-02 20:53	--------	d-----w-	c:\programme\ESET
2011-12-31 13:26 . 2011-12-31 13:26	--------	d-----w-	c:\dokumente und einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2011-12-31 12:20 . 2012-01-02 20:56	--------	d-----w-	c:\programme\PC Tools Security
2011-12-31 12:17 . 2012-01-02 20:54	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2011-12-31 09:54 . 2011-12-31 09:54	23624	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2011-12-31 09:54 . 2011-12-31 09:54	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hitman Pro
2011-12-31 09:50 . 2011-12-31 09:50	--------	d-----w-	c:\dokumente und einstellungen\Ludi\Anwendungsdaten\AVG Secure Search
2011-12-31 09:45 . 2011-12-31 09:45	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Secure Search
2011-12-31 09:45 . 2011-12-31 09:45	--------	d-----w-	c:\programme\Gemeinsame Dateien\AVG Secure Search
2011-12-31 09:45 . 2011-12-31 09:45	--------	d-----w-	c:\programme\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-09-09 12:08	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-23 14:40 . 2009-02-26 10:35	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2009-02-26 10:35	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2009-02-26 10:35	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2009-02-26 10:35	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-02-26 10:35	385024	----a-w-	c:\windows\system32\html.iec
2011-11-01 16:07 . 2009-02-26 10:35	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-02-26 10:35	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30	2029568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2009-02-26 10:35	186880	----a-w-	c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-02-26 01:48	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-09-03 06:18 . 2011-09-10 08:32	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-01-05_23.12.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-26 10:35 . 2012-01-06 13:22	72102              c:\windows\system32\perfc009.dat
- 2009-02-26 10:35 . 2012-01-05 22:58	72102              c:\windows\system32\perfc009.dat
- 2009-02-26 10:35 . 2012-01-05 22:58	85618              c:\windows\system32\perfc007.dat
+ 2009-02-26 10:35 . 2012-01-06 13:22	85618              c:\windows\system32\perfc007.dat
+ 2009-02-26 10:35 . 2012-01-06 13:22	442454              c:\windows\system32\perfh009.dat
- 2009-02-26 10:35 . 2012-01-05 22:58	442454              c:\windows\system32\perfh009.dat
+ 2009-02-26 10:35 . 2012-01-06 13:22	460416              c:\windows\system32\perfh007.dat
- 2009-02-26 10:35 . 2012-01-05 22:58	460416              c:\windows\system32\perfh007.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-20 18085888]
"UpdatePSTShortCut"="c:\programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"vProt"="c:\programme\AVG Secure Search\vprot.exe" [2011-12-31 827232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\F1U201.401.lnk
backup=c:\windows\pss\F1U201.401.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk
backup=c:\windows\pss\HP Photosmart Premier – Schnellstart.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07	932288	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44	35760	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-02-20 07:45	57344	----a-w-	c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-12-24 10:29	103720	------w-	c:\programme\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-01-12 09:26	166424	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-01-12 09:25	141848	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00	208952	----a-w-	c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17	52256	----a-w-	c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52	1695232	----a-w-	c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00	59392	----a-w-	c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-01-12 09:26	137752	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00	455168	----a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00	455168	----a-w-	c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
1999-03-14 22:00	37376	----a-w-	c:\programme\Microsoft Money\System\REMINDER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 19:01	71216	------w-	c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-08-12 21:37	4603264	----a-w-	c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21	247728	----a-w-	c:\programme\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 11:31	81920	----a-w-	c:\windows\system32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-11-04 05:19	57344	----a-w-	c:\programme\eMachines\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WTGService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"RichVideo"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PCLEPCI"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Norton Internet Security"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"GameConsoleService"=3 (0x3)
"ETService"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 22:55 67664]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 vToolbarUpdater;vToolbarUpdater;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [31.12.2011 10:45 855904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 01:33 7390560]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.02.2009 03:01 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [25.05.2011 15:53 167264]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10.05.2010 17:15 17149]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 20:37 4640000]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 00:38 116608]
S4 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [09.05.2010 10:46 24576]
S4 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 13:21 92592]
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\dokumente und einstellungen\Ludi\Anwendungsdaten\Mozilla\Firefox\Profiles\az320fnm.default\
FF - prefs.js: browser.startup.homepage - about:blank|hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 14:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)
@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(684)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-01-06  14:35:40
ComboFix-quarantined-files.txt  2012-01-06 13:35
ComboFix2.txt  2012-01-05 23:16
.
Vor Suchlauf: 20 Verzeichnis(se), 103.980.253.184 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 103.958.396.928 Bytes frei
.
- - End Of File - - 40611F9464F44EDFB0602FF80515461B
         

Antwort

Themen zu Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe
0x00000001, 32 bit, alternate, avg, avg secure search, avg security toolbar, bho, browser, c:\windows\system32\rundll32.exe, c:\windows\system32\services.exe, cid, document, einstellungen, entfernen, excel.exe, firefox, format, google, home, langsam, logfile, popup, problem, realtek, registry, required, rundll, scan, secure search, security, security update, services.exe, sicherheit, system, trojaner, vtoolbarupdater, win32k.sys, windows, windows xp



Ähnliche Themen: Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe


  1. Virus in 'C:\Windows\System32\services.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (5)
  2. C:\Windows\System32\services.exe Infiziert!
    Plagegeister aller Art und deren Bekämpfung - 25.05.2013 (58)
  3. W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe
    Log-Analyse und Auswertung - 23.05.2013 (54)
  4. 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe'
    Log-Analyse und Auswertung - 15.05.2013 (24)
  5. Trojaner: Patched_c.LYU laut AVG in c:\Windows\System32\services.exe!
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (13)
  6. Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS
    Log-Analyse und Auswertung - 11.11.2012 (13)
  7. TR/ATRAPS.Gen2, TR/Sirefef.16896 (in C:\Windows\Installer\...) und W32/Patched.UA (C:\Windows\System32\services.exe)
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (5)
  8. Trojaner Dropper.Generic_c.MMI in C:\Windows\system32\services.exe
    Log-Analyse und Auswertung - 15.08.2012 (3)
  9. W32/Patched.UB in c:\windows\system32\services.exe
    Log-Analyse und Auswertung - 02.08.2012 (7)
  10. Avast Fehler bei windows\System32\services.exe
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  11. Trojaner: Patched_c.LYU laut AVG in c:\Windows\System32\services.exe!
    Plagegeister aller Art und deren Bekämpfung - 06.07.2012 (6)
  12. C:\windows\system32\services.exe - SVC Host trojaner
    Log-Analyse und Auswertung - 04.07.2012 (3)
  13. Generic Host Process for Win32 Services hat ein Problem festgestellt = W32/Generic.worm!p2p
    Log-Analyse und Auswertung - 06.09.2011 (25)
  14. Generic Host process for win32 services windows xp sp3
    Log-Analyse und Auswertung - 31.10.2010 (1)
  15. c:\windows\system32\userinit.exe mit Trojaner (Generic 18.BESH) infiziert, Bereinigung ohne Erfolg
    Plagegeister aller Art und deren Bekämpfung - 10.08.2010 (8)
  16. Generic Host process for win32 services windows xp sp3
    Log-Analyse und Auswertung - 24.06.2009 (15)
  17. C:\\windows\system32\services.exe Problem
    Log-Analyse und Auswertung - 28.06.2007 (6)

Zum Thema Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe - Hallo Liebe Foren-Gemeinde, mein Großvater hat mir gestern seinen Rechner vorbeigebracht mit einem Problem, er sagte mir er könne nicht mehr Google verwenden und er würde langsam werden. Es handelt - Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe...
Archiv
Du betrachtest: Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.