Trojaner-Board > Malware removal > Log analysis and evaluation

Log analysis and evaluation: Infected with the Windows encryption trojan!

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.06.2012, 21:48   #16
cosinus

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Tick the box Scan all users at the top centre.
  • Now copy the complete content of the code box below into OTL's text box - if OTL is in German the box is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
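The custom scan above produces an OTL log whose PRC/MOD/SRV/DRV lines a reviewer reads for three things first: registrations whose file is missing ("File not found"), entries without a company name (OTL's own "No Company Name" list), and executables running from user-writable locations, which is what the `%APPDATA%\*.exe /s` lines in the script are there to surface. The Python script below is an added example from the editor, not code from this post, from OTL or from OldTimer. The sample log lines in it are constructed in OTL's output format; the `user1` profile, `updater.exe` and the flagging rules are the editor's assumptions, not findings from this thread.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example: parses the PRC/MOD/SRV/DRV entries of an OTL log and
flags what a log reviewer checks first:
  * entries OTL could not find on disk ("File not found"), i.e.
    orphaned service/driver registrations,
  * entries without a company name (OTL's own "No Company Name" list),
  * executables loaded from user-writable locations, which is what the
    custom scan's "%APPDATA%\\*.exe /s" lines are there to surface.
The flagging rules are heuristics chosen for this example, not OTL's.
"""
import re
from dataclasses import dataclass, field

# Header of an OTL entry, e.g.
#   PRC - [2012.05.08 18:32:21 | 000,348,624 | ---- | M] (Company) -- C:\path
#   SRV - File not found [Disabled | Stopped] -- path -- (ServiceName)
# The company group is lazy so that nested parentheses such as
# "(Windows (R) Server 2003 DDK provider)" are captured whole.
_ENTRY = re.compile(
    r'^(?P<kind>PRC|MOD|SRV|DRV) - '
    r'(?:(?P<missing>File not found)'
    r'|\[(?P<meta>[^\]]*)\] \((?P<company>.*?)\)(?= \[|\s+--))'
)

# Locations a standard user can write to; anything executing from here
# deserves a look. German XP folder names and the English ones.
_USER_WRITABLE = re.compile(
    r'\\(?:Anwendungsdaten|Application Data|AppData|Lokale Einstellungen|'
    r'Local Settings|Temp|ProgramData)\\',
    re.IGNORECASE,
)


@dataclass
class Finding:
    kind: str            # PRC, MOD, SRV or DRV
    name: str            # service/driver name, or file name for PRC/MOD
    path: str            # path as printed by OTL ('' if OTL printed none)
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Split one OTL entry line into (kind, missing, company, path, name).

    Returns None for lines that are not PRC/MOD/SRV/DRV entries.
    """
    m = _ENTRY.match(line)
    if m is None:
        return None
    # OTL separates header, path and (for SRV/DRV) the service name with " -- "
    parts = line.split(' -- ')
    path = parts[1].strip() if len(parts) > 1 else ''
    if len(parts) > 2:
        svc = re.match(r'\(([^)]*)\)', parts[2].strip())
        name = svc.group(1) if svc else parts[2].strip()
    else:
        name = path.rsplit('\\', 1)[-1]
    return m.group('kind'), m.group('missing') is not None, m.group('company'), path, name


def triage(log_text):
    """Return a Finding for every flagged PRC/MOD/SRV/DRV line in log_text."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        kind, missing, company, path, name = entry
        reasons = []
        if missing:
            reasons.append('file not found (orphaned registration)')
        else:
            if not company:
                reasons.append('no company name')
            if _USER_WRITABLE.search(path):
                reasons.append('runs from a user-writable location')
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


# Constructed sample in OTL's output format (not a log from this thread);
# the user1 profile and updater.exe are invented for the example.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012.05.08 18:32:21 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.06.08 06:10:41 | 000,081,920 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\updater\updater.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Stopped] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind} {f.name}: {"; ".join(f.reasons)}  [{f.path or "no path"}]')
```

Run as-is it prints the five flagged sample entries; on a real log call `triage(open('OTL.txt', encoding='utf-8').read())`. Orphaned registrations are usually leftovers of uninstalled software, so the signal worth acting on is the combination of no company name and a user-writable path; signed entries from `C:\Programme` with an empty company field (like the Hotspot Shield binaries) still need a look, but are more often unsigned third-party builds than malware.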

13.06.2012, 13:33   #17
nirmala

Hi,

here is the new OTL QuickScan: OTL logfile:
Code:
OTL logfile created on: 13.06.2012 14:56:19 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Dokumente und Einstellungen\Nirmala\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,98 Mb Total Physical Memory | 504,05 Mb Available Physical Memory | 49,71% Memory free
2,38 Gb Paging File | 1,87 Gb Available in Paging File | 78,30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 43,43 Gb Free Space | 77,71% Space Free | Partition Type: NTFS
 
Computer Name: SEIDL-PRI9PQQLM | User Name: Nirmala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.13 14:51:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nirmala\Desktop\OTL.exe
PRC - [2012.05.08 18:32:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:32:21 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:32:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:32:21 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005.05.18 15:57:36 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Programme\ltmoh\ltmoh.exe
PRC - [2005.04.04 21:20:32 | 001,102,848 | ---- | M] (AuthenTec, Inc.) -- C:\Programme\Fingerprint Sensor\ATSwpNav.exe
PRC - [2003.08.19 17:23:34 | 000,032,873 | ---- | M] () -- C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.08 18:32:32 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
MOD - [2009.03.30 04:34:30 | 000,280,143 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\libidn-11.dll
MOD - [2009.03.27 22:02:24 | 000,332,254 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\libssl32.dll
MOD - [2009.03.27 22:02:22 | 001,554,920 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\libeay32.dll
MOD - [2003.08.19 17:23:34 | 000,032,873 | ---- | M] () -- C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.05.08 18:32:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:32:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 10:53:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Stopped] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2006.10.05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.05.08 18:32:32 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:32:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006.11.28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.09.12 10:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005.08.22 18:07:56 | 000,116,669 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005.07.13 17:26:52 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.02.23 18:03:54 | 000,051,584 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.02.23 15:56:00 | 000,024,960 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005.02.23 12:35:40 | 000,014,256 | ---- | M] (ProDyne) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PDDSLHND.SYS -- (PDDSLHND)
DRV - [2005.02.23 12:35:32 | 000,015,568 | ---- | M] (ProDyne) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PDDSLADP.SYS -- (PDDSLADP)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.12.05 21:57:14 | 000,307,456 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2004.10.18 15:08:00 | 000,005,632 | ---- | M] (Fujitsu Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FUJ02E1.sys -- (FUJ02E1)
DRV - [2004.10.14 04:37:22 | 000,046,080 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.01.17 21:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001.08.01 21:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{B2066193-85ED-4A0E-8EF9-EA6F818D2429}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 6E 54 59 34 CA CC 01  [binary data]
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\SearchScopes\{B2066193-85ED-4A0E-8EF9-EA6F818D2429}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE466
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.03 10:53:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.04.03 14:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Mozilla\Extensions
[2012.06.11 15:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Mozilla\Firefox\Profiles\pg2f7cg2.default\extensions
[2012.06.11 15:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.11 15:37:19 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.05.03 10:53:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.11 20:36:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATSwpNav] C:\Programme\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LtMoh] C:\Programme\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1315314076218 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{630A4E80-41FE-465D-89DF-CDA8A59D2286}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
 
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 14:51:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nirmala\Desktop\OTL.exe
[2012.06.12 18:12:41 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\Nirmala\Desktop\unhide2012.exe
[2012.06.11 20:49:25 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.11 20:33:12 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.06.11 19:51:08 | 000,000,000 | ---D | C] -- C:\11.6
[2012.06.11 16:31:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Malwarebytes
[2012.06.11 16:31:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.11 16:30:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.11 16:30:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.11 16:30:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.11 15:48:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.06.11 15:48:24 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.06.11 15:38:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hotspot Shield
[2012.06.11 15:37:23 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2012.06.11 15:37:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Hotspot Shield
[2012.06.11 15:37:10 | 000,000,000 | ---D | C] -- C:\Programme\Hotspot Shield
[2012.06.11 15:35:57 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2012.06.11 15:35:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2012.06.11 15:30:03 | 001,494,856 | ---- | C] (Aedge Performance BCN SL) -- C:\Programme\FreeCompressor-setup.exe
[2012.06.09 03:14:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware
[2012.06.08 22:55:39 | 000,000,000 | ---D | C] -- C:\8.6
[2012.06.08 06:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ant.ware
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.13 15:15:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{913B54A0-09BC-4CC9-AC22-298311CF74C2}.job
[2012.06.13 14:59:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.13 14:51:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nirmala\Desktop\OTL.exe
[2012.06.13 14:50:20 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.06.13 14:42:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.13 14:40:16 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.13 14:39:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.13 14:39:56 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 14:25:43 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 14:25:43 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 14:25:43 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 14:25:43 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 14:16:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.12 18:45:29 | 000,001,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\Alice Einrichtungsassistent.lnk
[2012.06.12 18:14:47 | 000,001,746 | ---- | M] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\FOTO THUN AG MAHNUNG Burmakatze.7z
[2012.06.12 18:14:33 | 000,001,858 | ---- | M] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\Mahnung burmakatze Flirt-Fever Internetional.7z
[2012.06.12 18:12:49 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Dokumente und Einstellungen\Nirmala\Desktop\unhide2012.exe
[2012.06.12 16:36:48 | 000,003,270 | ---- | M] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\FOTO THUN AG MAHNUNG Burmakatze.eml
[2012.06.12 16:31:03 | 000,003,413 | ---- | M] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\Mahnung burmakatze Flirt-Fever Internetional.eml
[2012.06.12 16:24:32 | 000,015,500 | ---- | M] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\Re_ Aw_ Re_  Re_  Re_ Fw_  Re_  diese Woche.eml
[2012.06.12 04:15:01 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.06.11 20:36:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.06.11 16:31:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 15:58:40 | 000,266,694 | ---- | M] () -- C:\_OTL.7z
[2012.06.11 15:48:12 | 001,110,476 | ---- | M] () -- C:\Programme\7-ZIP-7z920.exe
[2012.06.11 15:39:12 | 000,000,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hotspot Shield Launch.lnk
[2012.06.11 15:30:12 | 001,494,856 | ---- | M] (Aedge Performance BCN SL) -- C:\Programme\FreeCompressor-setup.exe
[2012.05.29 19:09:20 | 000,013,824 | ---- | M] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\xQETUNyesvLpfg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.12 18:14:47 | 000,001,746 | ---- | C] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\FOTO THUN AG MAHNUNG Burmakatze.7z
[2012.06.12 18:14:33 | 000,001,858 | ---- | C] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\Mahnung burmakatze Flirt-Fever Internetional.7z
[2012.06.12 16:36:47 | 000,003,270 | ---- | C] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\FOTO THUN AG MAHNUNG Burmakatze.eml
[2012.06.12 16:31:03 | 000,003,413 | ---- | C] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\Mahnung burmakatze Flirt-Fever Internetional.eml
[2012.06.12 16:24:29 | 000,015,500 | ---- | C] () -- C:\Dokumente und Einstellungen\Nirmala\Desktop\Re_ Aw_ Re_  Re_  Re_ Fw_  Re_  diese Woche.eml
[2012.06.11 21:51:48 | 000,000,386 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.06.11 16:31:07 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 15:58:33 | 000,266,694 | ---- | C] () -- C:\_OTL.7z
[2012.06.11 15:46:03 | 001,110,476 | ---- | C] () -- C:\Programme\7-ZIP-7z920.exe
[2012.06.11 15:39:12 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Hotspot Shield Launch.lnk
[2012.02.15 18:25:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.05 10:02:59 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Nirmala\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.09.23 10:39:13 | 000,042,982 | ---- | C] () -- C:\WINDOWS\System32\PDDSLADP.DLL
[2011.09.07 09:24:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.09.06 12:58:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2011.09.06 12:58:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.09.06 11:17:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.09.06 11:15:55 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.09.06 10:49:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.09.06 10:46:23 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2011.09.06 10:44:33 | 000,028,771 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
[2011.09.06 10:44:33 | 000,024,673 | ---- | C] () -- C:\WINDOWS\System32\java.exe
[2011.09.06 10:38:09 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2012.06.08 06:12:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ant.ware
[2012.06.11 15:38:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hotspot Shield
[2012.06.11 15:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2012.06.05 13:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\AliceHilfe
[2012.06.05 13:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\SumatraPDF
[2012.06.13 15:15:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{913B54A0-09BC-4CC9-AC22-298311CF74C2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< :OTL >
 
<  >
 
< Code: >
 
< --------- >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.10 13:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Adobe
[2011.10.15 10:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\AdobeUM
[2012.06.05 13:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\AliceHilfe
[2012.03.28 18:13:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Avira
[2012.01.10 14:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Google
[2011.09.07 11:54:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Identities
[2011.09.23 10:26:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Macromedia
[2012.06.11 16:31:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Malwarebytes
[2012.06.05 13:22:09 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Microsoft
[2012.04.03 14:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Mozilla
[2012.06.05 13:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\SumatraPDF
[2011.09.06 10:44:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Sun
 
< %APPDATA%\*.exe /s >
[2011.11.27 21:24:40 | 008,197,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2003.04.02 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2003.04.02 14:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2003.04.02 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2002.11.22 12:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2003.04.02 14:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 21:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.04.04 21:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Software\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2003.04.02 14:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.09.06 12:15:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.09.06 12:15:04 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.09.06 12:15:03 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< --------- >
 
<  >

< End of report >
         

Thanks!
Regards,
Nirmala


Old 13.06.2012, 16:19   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 6E 54 59 34 CA CC 01  [binary data]
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10019&barid={622A4F73-B3CA-11E1-AFA0-001742025ACC}
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1801674531-861567501-682003330-1005\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

Old 14.06.2012, 08:10   #19
nirmala
 

Hi,

the new OTL fix:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1801674531-861567501-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1801674531-861567501-682003330-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
HKEY_USERS\S-1-5-21-1801674531-861567501-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1801674531-861567501-682003330-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-861567501-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthias
->Temp folder emptied: 111987537 bytes
->Temporary Internet Files folder emptied: 13334472 bytes

User: NetworkService
->Temp folder emptied: 1127152 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nirmala
->Temp folder emptied: 150155940 bytes
->Temporary Internet Files folder emptied: 236894588 bytes
->FireFox cache emptied: 473899729 bytes
->Google Chrome cache emptied: 6851630 bytes
->Flash cache emptied: 8255326 bytes

%systemdrive% .tmp files removed: 290011182 bytes
%systemroot% .tmp files removed: 1119649 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39286379 bytes
RecycleBin emptied: 7631770 bytes

Total Files Cleaned = 1.279,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Matthias

User: NetworkService

User: Nirmala
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <---------> in the current context!

OTL by OldTimer - Version 3.2.48.0 log created on 06132012_193314

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Thanks.
Regards,
N.

Old 14.06.2012, 12:22   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!



Old 14.06.2012, 13:01   #21
nirmala
 

Hi,

here is the TDSS scan with 2 identified objects:

13:54:45.0812 2000 TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
13:54:46.0078 2000 ============================================================
13:54:46.0078 2000 Current date / time: 2012/06/14 13:54:46.0078
13:54:46.0078 2000 SystemInfo:
13:54:46.0078 2000
13:54:46.0078 2000 OS Version: 5.1.2600 ServicePack: 3.0
13:54:46.0078 2000 Product type: Workstation
13:54:46.0078 2000 ComputerName: SEIDL-PRI9PQQLM
13:54:46.0078 2000 UserName: Nirmala
13:54:46.0078 2000 Windows directory: C:\WINDOWS
13:54:46.0078 2000 System windows directory: C:\WINDOWS
13:54:46.0078 2000 Processor architecture: Intel x86
13:54:46.0078 2000 Number of processors: 1
13:54:46.0078 2000 Page size: 0x1000
13:54:46.0078 2000 Boot type: Normal boot
13:54:46.0078 2000 ============================================================
13:54:48.0703 2000 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:54:48.0718 2000 ============================================================
13:54:48.0718 2000 \Device\Harddisk0\DR0:
13:54:48.0718 2000 MBR partitions:
13:54:48.0718 2000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
13:54:48.0718 2000 ============================================================
13:54:49.0109 2000 C: <-> \Device\Harddisk0\DR0\Partition0
13:54:49.0125 2000 ============================================================
13:54:49.0125 2000 Initialize success
13:54:49.0125 2000 ============================================================
13:55:01.0875 2496 ============================================================
13:55:01.0875 2496 Scan started
13:55:01.0875 2496 Mode: Manual; SigCheck; TDLFS;
13:55:01.0875 2496 ============================================================
13:55:02.0515 2496 Abiosdsk - ok
13:55:02.0531 2496 abp480n5 - ok
13:55:02.0593 2496 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:55:03.0843 2496 ACPI - ok
13:55:03.0875 2496 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:55:04.0046 2496 ACPIEC - ok
13:55:04.0062 2496 adpu160m - ok
13:55:04.0078 2496 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:55:04.0250 2496 aec - ok
13:55:04.0296 2496 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:55:04.0359 2496 AFD - ok
13:55:04.0390 2496 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\WINDOWS\system32\agrsmsvc.exe
13:55:04.0468 2496 AgereModemAudio - ok
13:55:04.0578 2496 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:55:04.0718 2496 AgereSoftModem - ok
13:55:04.0718 2496 Aha154x - ok
13:55:04.0734 2496 aic78u2 - ok
13:55:04.0750 2496 aic78xx - ok
13:55:04.0796 2496 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:55:05.0015 2496 Alerter - ok
13:55:05.0046 2496 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:55:05.0281 2496 ALG - ok
13:55:05.0296 2496 AliIde - ok
13:55:05.0312 2496 amsint - ok
13:55:05.0406 2496 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:55:05.0453 2496 AntiVirSchedulerService - ok
13:55:05.0484 2496 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:55:05.0500 2496 AntiVirService - ok
13:55:05.0546 2496 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
13:55:05.0718 2496 AppMgmt - ok
13:55:05.0750 2496 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:55:05.0906 2496 Arp1394 - ok
13:55:05.0906 2496 asc - ok
13:55:05.0921 2496 asc3350p - ok
13:55:05.0937 2496 asc3550 - ok
13:55:06.0046 2496 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:55:06.0062 2496 aspnet_state - ok
13:55:06.0109 2496 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:55:06.0312 2496 AsyncMac - ok
13:55:06.0343 2496 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:55:06.0546 2496 atapi - ok
13:55:06.0578 2496 Atdisk - ok
13:55:06.0609 2496 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:55:06.0859 2496 Atmarpc - ok
13:55:06.0906 2496 ATSWPDRV (349baffae874167e80a9ed977b4c7397) C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
13:55:06.0984 2496 ATSWPDRV - ok
13:55:07.0000 2496 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:55:07.0250 2496 AudioSrv - ok
13:55:07.0265 2496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:55:07.0468 2496 audstub - ok
13:55:07.0500 2496 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:55:07.0578 2496 avgntflt - ok
13:55:07.0609 2496 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:55:07.0625 2496 avipbb - ok
13:55:07.0656 2496 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
13:55:07.0671 2496 avkmgr - ok
13:55:07.0703 2496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:55:07.0890 2496 Beep - ok
13:55:07.0937 2496 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\System32\qmgr.dll
13:55:08.0140 2496 BITS - ok
13:55:08.0171 2496 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:55:08.0343 2496 Browser - ok
13:55:08.0375 2496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:55:08.0578 2496 cbidf2k - ok
13:55:08.0578 2496 cd20xrnt - ok
13:55:08.0593 2496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:55:08.0796 2496 Cdaudio - ok
13:55:08.0843 2496 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:55:09.0000 2496 Cdfs - ok
13:55:09.0031 2496 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:55:09.0203 2496 Cdrom - ok
13:55:09.0218 2496 Changer - ok
13:55:09.0250 2496 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:55:09.0437 2496 CiSvc - ok
13:55:09.0437 2496 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:55:09.0640 2496 ClipSrv - ok
13:55:09.0765 2496 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:09.0796 2496 clr_optimization_v2.0.50727_32 - ok
13:55:09.0843 2496 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:55:10.0000 2496 CmBatt - ok
13:55:10.0015 2496 CmdIde - ok
13:55:10.0031 2496 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:55:10.0218 2496 Compbatt - ok
13:55:10.0234 2496 COMSysApp - ok
13:55:10.0250 2496 Cpqarray - ok
13:55:10.0296 2496 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:55:10.0515 2496 CryptSvc - ok
13:55:10.0531 2496 dac2w2k - ok
13:55:10.0546 2496 dac960nt - ok
13:55:10.0593 2496 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:55:10.0718 2496 DcomLaunch - ok
13:55:10.0765 2496 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:55:11.0000 2496 Dhcp - ok
13:55:11.0015 2496 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:55:11.0218 2496 Disk - ok
13:55:11.0234 2496 dmadmin - ok
13:55:11.0359 2496 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:55:11.0671 2496 dmboot - ok
13:55:11.0718 2496 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:55:11.0968 2496 dmio - ok
13:55:11.0984 2496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:55:12.0171 2496 dmload - ok
13:55:12.0203 2496 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:55:12.0375 2496 dmserver - ok
13:55:12.0406 2496 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:55:12.0578 2496 DMusic - ok
13:55:12.0609 2496 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:55:12.0687 2496 Dnscache - ok
13:55:12.0781 2496 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:55:13.0015 2496 Dot3svc - ok
13:55:13.0015 2496 dpti2o - ok
13:55:13.0031 2496 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:55:13.0265 2496 drmkaud - ok
13:55:13.0281 2496 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:55:13.0531 2496 EapHost - ok
13:55:13.0578 2496 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:55:13.0796 2496 ERSvc - ok
13:55:13.0859 2496 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:55:13.0890 2496 Eventlog - ok
13:55:13.0953 2496 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
13:55:14.0031 2496 EventSystem - ok
13:55:14.0125 2496 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:55:14.0343 2496 Fastfat - ok
13:55:14.0390 2496 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:55:14.0468 2496 FastUserSwitchingCompatibility - ok
13:55:14.0500 2496 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:55:14.0750 2496 Fdc - ok
13:55:14.0781 2496 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:55:14.0968 2496 Fips - ok
13:55:14.0984 2496 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:55:15.0125 2496 Flpydisk - ok
13:55:15.0187 2496 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:55:15.0343 2496 FltMgr - ok
13:55:15.0453 2496 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:55:15.0468 2496 FontCache3.0.0.0 - ok
13:55:15.0500 2496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:55:15.0687 2496 Fs_Rec - ok
13:55:15.0718 2496 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:55:15.0937 2496 Ftdisk - ok
13:55:15.0968 2496 FUJ02B1 (00845dcd64fe6348ddf7890c310c17b9) C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
13:55:16.0015 2496 FUJ02B1 - ok
13:55:16.0031 2496 FUJ02E1 (c4942669fde5abd7bbe70027c9de1247) C:\WINDOWS\system32\Drivers\FUJ02E1.sys
13:55:16.0078 2496 FUJ02E1 - ok
13:55:16.0109 2496 FUJ02E3 (ef9f310f86fd504afcdcedf8280091fb) C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys
13:55:16.0140 2496 FUJ02E3 - ok
13:55:16.0187 2496 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:55:16.0375 2496 Gpc - ok
13:55:16.0468 2496 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:55:16.0515 2496 gupdate - ok
13:55:16.0515 2496 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:55:16.0546 2496 gupdatem - ok
13:55:16.0578 2496 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
13:55:16.0625 2496 gusvc - ok
13:55:16.0671 2496 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
13:55:16.0765 2496 HdAudAddService - ok
13:55:16.0828 2496 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:55:17.0078 2496 HDAudBus - ok
13:55:17.0140 2496 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:55:17.0390 2496 helpsvc - ok
13:55:17.0406 2496 HidServ - ok
13:55:17.0437 2496 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:55:17.0609 2496 HidUsb - ok
13:55:17.0656 2496 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:55:17.0828 2496 hkmsvc - ok
13:55:17.0828 2496 hpn - ok
13:55:17.0921 2496 hshld (b7cfe93627e7796624004687125a729f) C:\Programme\Hotspot Shield\bin\openvpnas.exe
13:55:18.0015 2496 hshld - ok
13:55:18.0109 2496 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
13:55:18.0171 2496 HssSrv - ok
13:55:18.0234 2496 HssTrayService (b3c6eeeff5c5ea3235b7d84317c1fb3f) C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
13:55:18.0250 2496 HssTrayService - ok
13:55:18.0265 2496 HssWd - ok
13:55:18.0328 2496 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:55:18.0375 2496 HTTP - ok
13:55:18.0437 2496 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:55:18.0750 2496 HTTPFilter - ok
13:55:18.0765 2496 i2omgmt - ok
13:55:18.0765 2496 i2omp - ok
13:55:18.0796 2496 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:55:18.0968 2496 i8042prt - ok
13:55:19.0046 2496 ialm (0c7b8efc2b1ac4cd62f4e7eafc864b95) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:55:19.0171 2496 ialm - ok
13:55:19.0406 2496 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:55:19.0546 2496 idsvc - ok
13:55:19.0625 2496 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:55:19.0875 2496 Imapi - ok
13:55:19.0906 2496 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
13:55:20.0156 2496 ImapiService - ok
13:55:20.0171 2496 ini910u - ok
13:55:20.0484 2496 IntcAzAudAddService (1265393299a72ada509f5973040bb93f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:55:20.0984 2496 IntcAzAudAddService - ok
13:55:21.0093 2496 IntelIde - ok
13:55:21.0140 2496 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:55:21.0406 2496 intelppm - ok
13:55:21.0437 2496 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:55:21.0609 2496 ip6fw - ok
13:55:21.0671 2496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:55:21.0875 2496 IpFilterDriver - ok
13:55:21.0906 2496 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:55:22.0062 2496 IpInIp - ok
13:55:22.0093 2496 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:55:22.0281 2496 IpNat - ok
13:55:22.0296 2496 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:55:22.0484 2496 IPSec - ok
13:55:22.0515 2496 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:55:22.0687 2496 IRENUM - ok
13:55:22.0718 2496 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:55:22.0875 2496 isapnp - ok
13:55:22.0890 2496 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:55:23.0046 2496 Kbdclass - ok
13:55:23.0078 2496 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:55:23.0265 2496 kmixer - ok
13:55:23.0281 2496 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:55:23.0390 2496 KSecDD - ok
13:55:23.0453 2496 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:55:23.0515 2496 lanmanserver - ok
13:55:23.0562 2496 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:55:23.0609 2496 lanmanworkstation - ok
13:55:23.0625 2496 lbrtfdc - ok
13:55:23.0671 2496 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:55:23.0828 2496 LmHosts - ok
13:55:23.0921 2496 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
13:55:23.0968 2496 MDM - ok
13:55:24.0000 2496 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:55:24.0250 2496 Messenger - ok
13:55:24.0296 2496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:55:24.0562 2496 mnmdd - ok
13:55:24.0609 2496 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
13:55:24.0828 2496 mnmsrvc - ok
13:55:24.0843 2496 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:55:25.0078 2496 Modem - ok
13:55:25.0093 2496 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:55:25.0265 2496 Mouclass - ok
13:55:25.0296 2496 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:55:25.0484 2496 mouhid - ok
13:55:25.0515 2496 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:55:25.0671 2496 MountMgr - ok
13:55:25.0718 2496 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
13:55:25.0750 2496 MozillaMaintenance - ok
13:55:25.0796 2496 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:55:25.0828 2496 MpFilter - ok
13:55:25.0828 2496 mraid35x - ok
13:55:25.0859 2496 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:55:26.0046 2496 MRxDAV - ok
13:55:26.0093 2496 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:55:26.0203 2496 MRxSmb - ok
13:55:26.0265 2496 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
13:55:26.0500 2496 MSDTC - ok
13:55:26.0515 2496 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:55:26.0750 2496 Msfs - ok
13:55:26.0765 2496 MSIServer - ok
13:55:26.0796 2496 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:55:27.0031 2496 MSKSSRV - ok
13:55:27.0093 2496 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Programme\Microsoft Security Client\MsMpEng.exe
13:55:27.0109 2496 MsMpSvc - ok
13:55:27.0140 2496 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:55:27.0312 2496 MSPCLOCK - ok
13:55:27.0343 2496 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:55:27.0484 2496 MSPQM - ok
13:55:27.0531 2496 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:55:27.0718 2496 mssmbios - ok
13:55:27.0750 2496 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:55:27.0828 2496 Mup - ok
13:55:27.0890 2496 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:55:28.0093 2496 napagent - ok
13:55:28.0125 2496 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:55:28.0296 2496 NDIS - ok
13:55:28.0328 2496 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:55:28.0375 2496 NdisTapi - ok
13:55:28.0406 2496 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:55:28.0609 2496 Ndisuio - ok
13:55:28.0640 2496 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:55:28.0843 2496 NdisWan - ok
13:55:28.0875 2496 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:55:28.0937 2496 NDProxy - ok
13:55:28.0968 2496 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:55:29.0187 2496 NetBIOS - ok
13:55:29.0218 2496 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:55:29.0437 2496 NetBT - ok
13:55:29.0484 2496 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:55:29.0734 2496 NetDDE - ok
13:55:29.0734 2496 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:55:29.0953 2496 NetDDEdsdm - ok
13:55:29.0984 2496 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
13:55:30.0156 2496 Netlogon - ok
13:55:30.0187 2496 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:55:30.0343 2496 Netman - ok
13:55:30.0515 2496 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:55:30.0546 2496 NetTcpPortSharing - ok
13:55:30.0578 2496 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:55:30.0734 2496 NIC1394 - ok
13:55:30.0765 2496 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:55:30.0796 2496 Nla - ok
13:55:30.0812 2496 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:55:30.0984 2496 Npfs - ok
13:55:31.0031 2496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:55:31.0296 2496 Ntfs - ok
13:55:31.0312 2496 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
13:55:31.0515 2496 NtLmSsp - ok
13:55:31.0625 2496 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:55:31.0890 2496 NtmsSvc - ok
13:55:31.0921 2496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:55:32.0093 2496 Null - ok
13:55:32.0140 2496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:55:32.0359 2496 NwlnkFlt - ok
13:55:32.0375 2496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:55:32.0593 2496 NwlnkFwd - ok
13:55:32.0625 2496 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:55:32.0781 2496 ohci1394 - ok
13:55:32.0843 2496 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
13:55:32.0859 2496 ose - ok
13:55:32.0890 2496 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
13:55:33.0062 2496 Parport - ok
13:55:33.0093 2496 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:55:33.0250 2496 PartMgr - ok
13:55:33.0265 2496 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:55:33.0453 2496 ParVdm - ok
13:55:33.0453 2496 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:55:33.0640 2496 PCI - ok
13:55:33.0656 2496 PCIDump - ok
13:55:33.0703 2496 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:55:33.0890 2496 PCIIde - ok
13:55:33.0921 2496 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
13:55:34.0109 2496 Pcmcia - ok
13:55:34.0109 2496 PDCOMP - ok
13:55:34.0156 2496 PDDSLADP (c9ba492f64e466f8e50bad61623eff74) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS
13:55:34.0265 2496 PDDSLADP ( UnsignedFile.Multi.Generic ) - warning
13:55:34.0265 2496 PDDSLADP - detected UnsignedFile.Multi.Generic (1)
13:55:34.0265 2496 PDDSLHND (837f229398f4bcc6ae69b9574d3699fc) C:\WINDOWS\system32\drivers\PDDSLHND.sys
13:55:34.0328 2496 PDDSLHND ( UnsignedFile.Multi.Generic ) - warning
13:55:34.0328 2496 PDDSLHND - detected UnsignedFile.Multi.Generic (1)
13:55:34.0343 2496 PDFRAME - ok
13:55:34.0359 2496 PDRELI - ok
13:55:34.0375 2496 PDRFRAME - ok
13:55:34.0375 2496 perc2 - ok
13:55:34.0390 2496 perc2hib - ok
13:55:34.0453 2496 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:55:34.0500 2496 PlugPlay - ok
13:55:34.0515 2496 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
13:55:34.0687 2496 PolicyAgent - ok
13:55:34.0718 2496 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:55:34.0921 2496 PptpMiniport - ok
13:55:34.0953 2496 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:55:35.0156 2496 Processor - ok
13:55:35.0171 2496 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:55:35.0375 2496 ProtectedStorage - ok
13:55:35.0421 2496 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:55:35.0593 2496 PSched - ok
13:55:35.0625 2496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:55:35.0828 2496 Ptilink - ok
13:55:35.0843 2496 ql1080 - ok
13:55:35.0843 2496 Ql10wnt - ok
13:55:35.0859 2496 ql12160 - ok
13:55:35.0875 2496 ql1240 - ok
13:55:35.0875 2496 ql1280 - ok
13:55:35.0906 2496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:55:36.0078 2496 RasAcd - ok
13:55:36.0125 2496 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:55:36.0296 2496 RasAuto - ok
13:55:36.0328 2496 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:55:36.0468 2496 Rasl2tp - ok
13:55:36.0515 2496 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:55:36.0687 2496 RasMan - ok
13:55:36.0703 2496 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:55:36.0859 2496 RasPppoe - ok
13:55:36.0890 2496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:55:37.0078 2496 Raspti - ok
13:55:37.0109 2496 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:55:37.0281 2496 Rdbss - ok
13:55:37.0281 2496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:55:37.0468 2496 RDPCDD - ok
13:55:37.0515 2496 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:55:37.0687 2496 rdpdr - ok
13:55:37.0750 2496 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:55:37.0781 2496 RDPWD - ok
13:55:37.0843 2496 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:55:38.0000 2496 RDSessMgr - ok
13:55:38.0046 2496 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:55:38.0265 2496 redbook - ok
13:55:38.0312 2496 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:55:38.0515 2496 RemoteAccess - ok
13:55:38.0562 2496 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
13:55:38.0781 2496 RemoteRegistry - ok
13:55:38.0812 2496 rimsptsk (a4ba62f85f8ce8dc295e4e1f14fe0ef6) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
13:55:38.0875 2496 rimsptsk - ok
13:55:38.0890 2496 risdptsk (17abac92f20ef39e195511b1386bffbb) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
13:55:38.0953 2496 risdptsk - ok
13:55:39.0000 2496 rismxdp (3f535dd8d6fb8c22c37ba2a8c4a32c81) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
13:55:39.0062 2496 rismxdp - ok
13:55:39.0109 2496 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
13:55:39.0281 2496 RpcLocator - ok
13:55:39.0343 2496 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:55:39.0421 2496 RpcSs - ok
13:55:39.0468 2496 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
13:55:39.0750 2496 RSVP - ok
13:55:39.0796 2496 rtl8139 (97fd38456331140c391b4720769b5c2a) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:55:39.0843 2496 rtl8139 - ok
13:55:39.0890 2496 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:55:40.0140 2496 SamSs - ok
13:55:40.0171 2496 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:55:40.0359 2496 SCardSvr - ok
13:55:40.0406 2496 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:55:40.0562 2496 Schedule - ok
13:55:40.0609 2496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:55:40.0765 2496 Secdrv - ok
13:55:40.0796 2496 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:55:40.0984 2496 seclogon - ok
13:55:41.0015 2496 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:55:41.0187 2496 SENS - ok
13:55:41.0218 2496 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
13:55:41.0390 2496 Serial - ok
13:55:41.0437 2496 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:55:41.0625 2496 Sfloppy - ok
13:55:41.0687 2496 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:55:41.0906 2496 SharedAccess - ok
13:55:41.0953 2496 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:55:42.0000 2496 ShellHWDetection - ok
13:55:42.0000 2496 Simbad - ok
13:55:42.0015 2496 Sparrow - ok
13:55:42.0046 2496 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:55:42.0234 2496 splitter - ok
13:55:42.0281 2496 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:55:42.0343 2496 Spooler - ok
13:55:42.0390 2496 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:55:42.0546 2496 sr - ok
13:55:42.0593 2496 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
13:55:42.0765 2496 srservice - ok
13:55:42.0812 2496 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:55:42.0937 2496 Srv - ok
13:55:42.0968 2496 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:55:43.0171 2496 SSDPSRV - ok
13:55:43.0218 2496 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:55:43.0234 2496 ssmdrv - ok
13:55:43.0296 2496 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:55:43.0578 2496 stisvc - ok
13:55:43.0625 2496 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:55:43.0843 2496 swenum - ok
13:55:43.0875 2496 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:55:44.0109 2496 swmidi - ok
13:55:44.0125 2496 SwPrv - ok
13:55:44.0140 2496 symc810 - ok
13:55:44.0156 2496 symc8xx - ok
13:55:44.0171 2496 sym_hi - ok
13:55:44.0171 2496 sym_u3 - ok
13:55:44.0234 2496 SynTP (c8e69f21a7f12d9d2d0241f12d14a5c9) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:55:44.0312 2496 SynTP - ok
13:55:44.0343 2496 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:55:44.0578 2496 sysaudio - ok
13:55:44.0625 2496 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:55:44.0875 2496 SysmonLog - ok
13:55:44.0921 2496 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:55:45.0171 2496 TapiSrv - ok
13:55:45.0218 2496 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:55:45.0281 2496 Tcpip - ok
13:55:45.0312 2496 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:55:45.0468 2496 TDPIPE - ok
13:55:45.0500 2496 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:55:45.0671 2496 TDTCP - ok
13:55:45.0718 2496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:55:45.0890 2496 TermDD - ok
13:55:45.0937 2496 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:55:46.0125 2496 TermService - ok
13:55:46.0171 2496 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:55:46.0203 2496 Themes - ok
13:55:46.0265 2496 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
13:55:46.0453 2496 TlntSvr - ok
13:55:46.0468 2496 TosIde - ok
13:55:46.0515 2496 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:55:46.0687 2496 TrkWks - ok
13:55:46.0750 2496 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:55:46.0921 2496 Udfs - ok
13:55:46.0937 2496 ultra - ok
13:55:46.0984 2496 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:55:47.0203 2496 Update - ok
13:55:47.0265 2496 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:55:47.0500 2496 upnphost - ok
13:55:47.0515 2496 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:55:47.0703 2496 UPS - ok
13:55:47.0734 2496 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:55:47.0890 2496 usbehci - ok
13:55:47.0921 2496 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:55:48.0093 2496 usbhub - ok
13:55:48.0125 2496 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:55:48.0296 2496 usbstor - ok
13:55:48.0328 2496 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:55:48.0484 2496 usbuhci - ok
13:55:48.0500 2496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:55:48.0656 2496 VgaSave - ok
13:55:48.0671 2496 ViaIde - ok
13:55:48.0718 2496 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:55:48.0875 2496 VolSnap - ok
13:55:48.0968 2496 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:55:49.0140 2496 VSS - ok
13:55:49.0453 2496 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys
13:55:49.0765 2496 w29n51 - ok
13:55:49.0984 2496 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
13:55:50.0265 2496 W32Time - ok
13:55:50.0296 2496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:55:50.0468 2496 Wanarp - ok
13:55:50.0484 2496 WDICA - ok
13:55:50.0500 2496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:55:50.0671 2496 wdmaud - ok
13:55:50.0703 2496 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:55:50.0875 2496 WebClient - ok
13:55:50.0937 2496 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:55:51.0109 2496 winmgmt - ok
13:55:51.0234 2496 WinRM (f10075c2ec96d2eb118012e78ece2fc2) C:\WINDOWS\system32\WsmSvc.dll
13:55:51.0437 2496 WinRM - ok
13:55:51.0515 2496 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\System32\mspmsnsv.dll
13:55:51.0703 2496 WmdmPmSN - ok
13:55:51.0781 2496 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
13:55:51.0859 2496 Wmi - ok
13:55:51.0953 2496 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:55:52.0140 2496 WmiApSrv - ok
13:55:52.0187 2496 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:55:52.0406 2496 wscsvc - ok
13:55:52.0421 2496 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:55:52.0593 2496 wuauserv - ok
13:55:52.0656 2496 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:55:52.0828 2496 WZCSVC - ok
13:55:52.0875 2496 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:55:53.0031 2496 xmlprov - ok
13:55:53.0078 2496 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:55:53.0921 2496 \Device\Harddisk0\DR0 - ok
13:55:53.0921 2496 Boot (0x1200) (8fdd73e27545194a43e6eb04ca717c5a) \Device\Harddisk0\DR0\Partition0
13:55:53.0937 2496 \Device\Harddisk0\DR0\Partition0 - ok
13:55:53.0937 2496 ============================================================
13:55:53.0937 2496 Scan finished
13:55:53.0937 2496 ============================================================
13:55:54.0046 2756 Detected object count: 2
13:55:54.0046 2756 Actual detected object count: 2
13:56:21.0421 2756 PDDSLADP ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:21.0421 2756 PDDSLADP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:56:21.0421 2756 PDDSLHND ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:21.0421 2756 PDDSLHND ( UnsignedFile.Multi.Generic ) - User select action: Skip

Regards,
N.

Old 14.06.2012, 13:35   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Old 14.06.2012, 15:53   #23
nirmala
 

Hi, here is the ComboFix scan log file:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-14.01 - Nirmala 14.06.2012  16:32:29.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.668 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Nirmala\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\Mozilla Maintenance Service
c:\programme\Mozilla Maintenance Service\maintenanceservice.exe
c:\programme\Mozilla Maintenance Service\Uninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-14 bis 2012-06-14  ))))))))))))))))))))))))))))))
.
.
2012-06-13 17:05 . 2012-06-13 17:05	--------	d-----w-	C:\_OTL
2012-06-13 08:06 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2012-06-11 18:49 . 2012-06-11 18:49	--------	d-----w-	c:\programme\ESET
2012-06-11 18:33 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2012-06-11 17:51 . 2012-06-11 17:53	--------	d-----w-	C:\11.6
2012-06-11 14:31 . 2012-06-11 14:31	--------	d-----w-	c:\dokumente und einstellungen\Nirmala\Anwendungsdaten\Malwarebytes
2012-06-11 14:30 . 2012-06-11 14:30	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-11 13:48 . 2012-06-11 13:48	--------	d-----w-	c:\programme\7-Zip
2012-06-11 13:46 . 2012-06-11 13:48	1110476	----a-w-	c:\programme\7-ZIP-7z920.exe
2012-06-11 13:38 . 2012-06-11 13:38	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hotspot Shield
2012-06-11 13:37 . 2012-06-11 13:39	--------	d-----w-	C:\Hotspot Shield
2012-06-11 13:37 . 2012-06-11 13:39	--------	d-----w-	c:\programme\Hotspot Shield
2012-06-11 13:35 . 2012-06-11 13:39	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SweetIM
2012-06-11 13:35 . 2012-06-11 13:36	--------	d-----w-	c:\programme\SweetIM
2012-06-11 13:30 . 2012-06-11 13:30	1494856	----a-w-	c:\programme\FreeCompressor-setup.exe
2012-06-09 01:14 . 2012-06-09 02:03	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware
2012-06-08 20:55 . 2012-06-09 01:33	--------	d-----w-	C:\8.6
2012-06-08 04:10 . 2012-06-08 04:12	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ant.ware
2012-06-07 22:06 . 2012-06-07 22:06	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Eigene Dateien
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2002-09-23 13:10	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2003-04-02 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2003-04-02 12:00	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2003-04-02 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2003-04-02 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2011-09-06 12:43	385024	------w-	c:\windows\system32\html.iec
2012-05-08 16:32 . 2012-03-28 15:56	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:32 . 2012-03-28 15:56	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2003-04-02 12:00	2194944	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-08-29 03:41	2071424	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-09-06 08:36	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-11 15:40 . 2012-04-11 15:40	37376	----a-w-	c:\windows\system32\drivers\HssDrv.sys
2012-05-03 08:53 . 2012-04-03 12:44	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\programme\Fingerprint Sensor\ATSwpNav -run" [X]
"SunJavaUpdateSched"="c:\programme\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 32873]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-02-22 126976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-06-02 725082]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 14679552]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 88201]
"LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2005-05-18 188416]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
.
R0 PDDSLHND;PDDSLHND;c:\windows\system32\drivers\PDDSLHND.SYS [23.09.2011 10:39 14256]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28.03.2012 17:56 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.03.2012 17:56 86224]
R2 HssWd;Hotspot Shield Monitoring Service;c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [06.09.2011 12:29 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [06.09.2011 12:29 4864]
R3 PDDSLADP;ProDyne DSL Adapter;c:\windows\system32\drivers\PDDSLADP.SYS [23.09.2011 10:39 15568]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [10.01.2012 13:37 136176]
S2 hshld;Hotspot Shield Service;c:\programme\Hotspot Shield\bin\openvpnas.exe [11.04.2012 01:59 542552]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [02.04.2003 14:00 14336]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [10.01.2012 13:37 136176]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [02.04.2003 14:00 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-10 11:37]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-10 11:37]
.
2012-06-14 c:\windows\Tasks\User_Feed_Synchronization-{913B54A0-09BC-4CC9-AC22-298311CF74C2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
uInternet Connection Wizard,ShellNext = "c:\programme\Outlook Express\msimn.exe" //eml:c:\dokumente und einstellungen\Nirmala\Desktop\Antje.eml
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Nirmala\Anwendungsdaten\Mozilla\Firefox\Profiles\pg2f7cg2.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-MsMpSvc
AddRemove-MozillaMaintenanceService - c:\programme\Mozilla Maintenance Service\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-14 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Hotspot Shield\HssWPR\hsssrv.exe
c:\programme\Hotspot Shield\bin\hsswd.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Fingerprint Sensor\ATSwpNav.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-14  16:48:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-14 14:48
.
Vor Suchlauf: 11 Verzeichnis(se), 47.796.531.200 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 47.968.657.408 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B33A803D12F068877151CA9009F5094B
         
--- --- ---

Does this get us any further? Thanks!
Regards,
N.

Alt 15.06.2012, 09:03   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
File::
c:\programme\FreeCompressor-setup.exe
c:\windows\system32\drivers\PDDSLHND.SYS

Driver::
PDDSLHND
         
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can permanently damage the system!

Alt 15.06.2012, 11:14   #25
nirmala
 

Hi,

attached is the ComboFix log; I hope I had switched off all the antivirus programs.
Thanks. Regards,
N.

Combofix logfile:
Code:
ATTFilter
ComboFix 12-06-15.02 - Nirmala 15.06.2012  11:39:51.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.776 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Nirmala\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Nirmala\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\programme\FreeCompressor-setup.exe"
"c:\windows\system32\drivers\PDDSLHND.SYS"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PDDSLHND
-------\Service_PDDSLHND
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-15 bis 2012-06-15  ))))))))))))))))))))))))))))))
.
.
2012-06-13 17:05 . 2012-06-13 17:05	--------	d-----w-	C:\_OTL
2012-06-13 08:06 . 2012-05-11 14:40	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2012-06-11 18:49 . 2012-06-11 18:49	--------	d-----w-	c:\programme\ESET
2012-06-11 18:33 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2012-06-11 17:51 . 2012-06-11 17:53	--------	d-----w-	C:\11.6
2012-06-11 14:31 . 2012-06-11 14:31	--------	d-----w-	c:\dokumente und einstellungen\Nirmala\Anwendungsdaten\Malwarebytes
2012-06-11 14:30 . 2012-06-11 14:30	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-11 13:48 . 2012-06-11 13:48	--------	d-----w-	c:\programme\7-Zip
2012-06-11 13:46 . 2012-06-11 13:48	1110476	----a-w-	c:\programme\7-ZIP-7z920.exe
2012-06-11 13:38 . 2012-06-11 13:38	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hotspot Shield
2012-06-11 13:37 . 2012-06-11 13:39	--------	d-----w-	C:\Hotspot Shield
2012-06-11 13:37 . 2012-06-11 13:39	--------	d-----w-	c:\programme\Hotspot Shield
2012-06-11 13:35 . 2012-06-11 13:39	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SweetIM
2012-06-11 13:35 . 2012-06-11 13:36	--------	d-----w-	c:\programme\SweetIM
2012-06-11 13:30 . 2012-06-11 13:30	1494856	----a-w-	c:\programme\FreeCompressor-setup.exe
2012-06-09 01:14 . 2012-06-09 02:03	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware
2012-06-08 20:55 . 2012-06-09 01:33	--------	d-----w-	C:\8.6
2012-06-08 04:10 . 2012-06-08 04:12	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ant.ware
2012-06-07 22:06 . 2012-06-07 22:06	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Eigene Dateien
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2002-09-23 13:10	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2003-04-02 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2003-04-02 12:00	1863296	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2003-04-02 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2003-04-02 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2011-09-06 12:43	385024	------w-	c:\windows\system32\html.iec
2012-05-08 16:32 . 2012-03-28 15:56	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:32 . 2012-03-28 15:56	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2003-04-02 12:00	2194944	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-08-29 03:41	2071424	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-09-06 08:36	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-11 15:40 . 2012-04-11 15:40	37376	----a-w-	c:\windows\system32\drivers\HssDrv.sys
2012-05-03 08:53 . 2012-04-03 12:44	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-14_14.43.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-06 08:45 . 2012-06-14 15:20	2270208              c:\windows\Installer\1a19bd.msi
- 2011-09-06 08:45 . 2012-06-14 08:51	2270208              c:\windows\Installer\1a19bd.msi
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\programme\Fingerprint Sensor\ATSwpNav -run" [X]
"SunJavaUpdateSched"="c:\programme\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 32873]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-02-22 126976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-06-02 725082]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 14679552]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 88201]
"LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2005-05-18 188416]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28.03.2012 17:56 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.03.2012 17:56 86224]
R2 HssWd;Hotspot Shield Monitoring Service;c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\programme\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [06.09.2011 12:29 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [06.09.2011 12:29 4864]
R3 PDDSLADP;ProDyne DSL Adapter;c:\windows\system32\drivers\PDDSLADP.SYS [23.09.2011 10:39 15568]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [10.01.2012 13:37 136176]
S2 hshld;Hotspot Shield Service;c:\programme\Hotspot Shield\bin\openvpnas.exe [11.04.2012 01:59 542552]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [10.01.2012 13:37 136176]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [02.04.2003 14:00 14336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-10 11:37]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-01-10 11:37]
.
2012-06-15 c:\windows\Tasks\User_Feed_Synchronization-{913B54A0-09BC-4CC9-AC22-298311CF74C2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
uInternet Connection Wizard,ShellNext = "c:\programme\Outlook Express\msimn.exe" //eml:c:\dokumente und einstellungen\Nirmala\Desktop\Antje.eml
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Nirmala\Anwendungsdaten\Mozilla\Firefox\Profiles\pg2f7cg2.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-15 12:03
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Hotspot Shield\HssWPR\hsssrv.exe
c:\programme\Hotspot Shield\bin\hsswd.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Fingerprint Sensor\ATSwpNav.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-15  12:07:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-15 10:07
ComboFix2.txt  2012-06-14 14:48
.
Vor Suchlauf: 12 Verzeichnis(se), 47.923.527.680 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 47.993.049.088 Bytes frei
.
- - End Of File - - C022A3697F3F0380D7CA8698D978288F
         
--- --- ---

Alt 15.06.2012, 15:00   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run even on the 2nd attempt, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your Desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the Desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



Another note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.

Alt 16.06.2012, 12:00   #27
nirmala
 

Hi Arne,

1. GMER scan:

GMER logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-16 09:42:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6006GAH rev.BZ002A
Running: GMER.exe; Driver: C:\DOKUME~1\Nirmala\LOKALE~1\Temp\agxirkoc.sys


---- System - GMER 1.0.15 ----

SSDT            F7BE0FBC                                                                                                        ZwClose
SSDT            F7BE0F76                                                                                                        ZwCreateKey
SSDT            F7BE0FC6                                                                                                        ZwCreateSection
SSDT            F7BE0F6C                                                                                                        ZwCreateThread
SSDT            F7BE0F7B                                                                                                        ZwDeleteKey
SSDT            F7BE0F85                                                                                                        ZwDeleteValueKey
SSDT            F7BE0FB7                                                                                                        ZwDuplicateObject
SSDT            F7BE0F8A                                                                                                        ZwLoadKey
SSDT            F7BE0F58                                                                                                        ZwOpenProcess
SSDT            F7BE0F5D                                                                                                        ZwOpenThread
SSDT            F7BE0FDF                                                                                                        ZwQueryValueKey
SSDT            F7BE0F94                                                                                                        ZwReplaceKey
SSDT            F7BE0FD0                                                                                                        ZwRequestWaitReplyPort
SSDT            F7BE0F8F                                                                                                        ZwRestoreKey
SSDT            F7BE0FCB                                                                                                        ZwSetContextThread
SSDT            F7BE0FD5                                                                                                        ZwSetSecurityObject
SSDT            F7BE0F80                                                                                                        ZwSetValueKey
SSDT            F7BE0FDA                                                                                                        ZwSystemDebugControl
SSDT            F7BE0F67                                                                                                        ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 41269A65 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!CallNextHookEx                                      7E37B3C6 5 Bytes  JMP 4125D0DD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!UnhookWindowsHookEx                                 7E37D5F3 5 Bytes  JMP 411D466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] ole32.dll!CoCreateInstance                                     774CF1BC 5 Bytes  JMP 4126DB30 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[760] ole32.dll!OleLoadFromStream                                    774F983B 5 Bytes  JMP 4136756F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!DialogBoxParamW                                    7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!CreateWindowExW                                    7E37D0A3 5 Bytes  JMP 4126DAD4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!DialogBoxIndirectParamW                            7E382072 5 Bytes  JMP 41367207 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!MessageBoxIndirectA                                7E38A082 5 Bytes  JMP 41367139 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!DialogBoxParamA                                    7E38B144 5 Bytes  JMP 413671A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!MessageBoxExW                                      7E3A0838 5 Bytes  JMP 4136700A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!MessageBoxExA                                      7E3A085C 5 Bytes  JMP 4136706C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!DialogBoxIndirectParamA                            7E3A6D7D 5 Bytes  JMP 4136726A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[1156] USER32.dll!MessageBoxIndirectW                                7E3B64D5 5 Bytes  JMP 413670CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Programme\Internet Explorer\iexplore.exe[760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                         SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                         SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

2. OSAM scan:

HTML code:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Report of OSAM: Autorun Manager v5.0.11926.0</title>
<style type="text/css">
body
{
    margin                    : 10px 10px 10px 20px;
    color                     : #000000;
    background-color          : #fffbf0;
    font                      : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif;
    scrollbar-3dlight-color   : #fffbf0;
    scrollbar-arrow-color     : #000000;
    scrollbar-darkshadow-color: #000000;
    scrollbar-face-color      : #fffbf0;
    scrollbar-highlight-color : #000000;
    scrollbar-shadow-color    : #fffbf0;
    scrollbar-track-color     : #fffbf0;
}
a:link
{
    color: #e15616;
}
a:visited 
{
    color: #e15616;
}
a:hover
{
    color: #e4743f;
}
a:active
{
    color: #e4743f;
}
.header1
{
    font-size  : 115%;
    font-weight: bold;
    margin-left: 0px;
}
table
{
    border-collapse: collapse;
    border         : 1px solid #000000;
    cellpadding    : 0;
    cellspacing    : 0;
    width          : 90%;
}
td,th
{
    font-size     : 12px;
    color         : #000000;
    background    : #fffbf0;
    border        : 1px solid #000000;
    text-align    : left;
    vertical-align: top;
    padding       : 2px 4px 2px 4px;
}
.cap
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    border     : 1px solid #000000;
}
.group
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    text-align : center;
}
.reg
{
    font-weight: bold;
    font-size  : 10pt;
    border     : 0px none;
    padding    : 2px 4px 2px 4px;
}
.notfound
{
    background-color: #B3DDFF;
}
.blocked
{
    background-color: #FF96EB;
}
.nodetails
{
    background-color: #FFFF75;
}
.trusted
{
    background-color: #C8FFC8;
}
.rootkit
{
    background-color: #FF8696;
}
td.rs { text-align: center; vertical-align: center; font-family: courier; }
td.rs.rm { background: #F90424; title: "Malware"; }
td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; }
td.rs.rw { background: #F90424; title: "Unwanted"; }
td.rs.rs { background: #F90424; title: "Suspicious"; }
td.rs.rt { background: #21F411; title: "Trusted"; }
td.rs.rc { background: #21F411; title: "Checked"; }
td.rs.ry { background: #21F411; title: "Up-to-You"; }
td.rs.rr { background: #F6EB13; title: "Riskware"; }
td.rs.ru { background: #D4D0C8; title: "Unknown"; }
td.rs.rn { background: #FFFFFF; title: "Not checked"; }
</style>
</head>
<body>
<p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br>
<a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br>
Saved at 10:03:41 on 16.06.2012</p>
<b>OS</b>: Windows XP Professional Service Pack 3 (Build 2600)<br>
<b>Default Browser</b>: Microsoft Corporation Internet Explorer 8.00.6001.18702<br>
<br><b>Scanner Settings</b><br>
<input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br>
<input type="checkbox" disabled checked>Rootkits detection (hidden files)<br>
<input type="checkbox" disabled checked>Retrieve files information<br>
<input type="checkbox" disabled checked>Check Microsoft signatures<br>
<br><b>Filters</b><br>
<input type="checkbox" disabled>Trusted entries<br>
<input type="checkbox" disabled>Empty entries<br>
<input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br>
<input type="checkbox" disabled checked>Exclusively opened files<br>
<input type="checkbox" disabled checked>Not found files<br>
<input type="checkbox" disabled checked>Files without detailed information<br>
<input type="checkbox" disabled checked>Existing files<br>
<input type="checkbox" disabled>Non-startable services<br>
<input type="checkbox" disabled>Non-startable drivers<br>
<input type="checkbox" disabled checked>Active entries<br>
<input type="checkbox" disabled checked>Disabled entries<br>
<br>
<table border="1" cellpadding="0" cellspacing="0">
<tr>
<th class="cap" width="20">&nbsp;</th>
<th class="cap">Risk</th>
<th class="cap">Name</th>
<th class="cap">Publisher</th>
<th class="cap">Full Path</th>
<th class="cap">Status</th>
</tr>
<tr>
<td class="group" colspan="6">Common</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\Tasks</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineCore.job"</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineUA.job"</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Control Panel Objects</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\system32</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ATCPanel.cpl"</td>
<td>"AuthenTec, Inc."</td>
<td>C:\WINDOWS\system32\ATCPanel.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"FlashPlayerCPLApp.cpl"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\WINDOWS\system32\FlashPlayerCPLApp.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"infocardcpl.cpl"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\infocardcpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"jpicpl32.cpl"</td>
<td>"Sun Microsystems"</td>
<td>C:\WINDOWS\system32\jpicpl32.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Drivers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"avgntflt" (avgntflt)</td>
<td>"Avira GmbH"</td>
<td>C:\WINDOWS\System32\DRIVERS\avgntflt.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"avipbb" (avipbb)</td>
<td>"Avira GmbH"</td>
<td>C:\WINDOWS\System32\DRIVERS\avipbb.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avkmgr" (avkmgr)</td>
<td>"Avira GmbH"</td>
<td>C:\WINDOWS\System32\DRIVERS\avkmgr.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"catchme" (catchme)</td>
<td class="notfound"></td>
<td class="notfound">C:\ComboFix\catchme.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Changer" (Changer)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\Changer.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"i2omgmt" (i2omgmt)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\i2omgmt.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"lbrtfdc" (lbrtfdc)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\lbrtfdc.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PCIDump" (PCIDump)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PCIDump.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDCOMP" (PDCOMP)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDCOMP.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDFRAME" (PDFRAME)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDFRAME.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDRELI" (PDRELI)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDRELI.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDRFRAME" (PDRFRAME)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDRFRAME.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"ProDyne DSL Adapter" (PDDSLADP)</td>
<td>"ProDyne"</td>
<td>C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ssmdrv" (ssmdrv)</td>
<td>"Avira GmbH"</td>
<td>C:\WINDOWS\System32\DRIVERS\ssmdrv.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"WDICA" (WDICA)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\WDICA.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="group" colspan="6">Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Filter</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{807553E5-5146-11D5-A672-00B0D022E945} "text/xml"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Handler</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"</td>
<td>"Igor Pavlov"</td>
<td>C:\Programme\7-Zip\7-zip.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{32683183-48a0-441b-a342-7c2a440a9478} "Media Band"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Programme\Microsoft Office\OFFICE11\msohev.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"</td>
<td>"Avira Operations GmbH & Co. KG"</td>
<td>C:\Programme\Avira\AntiVir Desktop\shlext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\dfshim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\dfshim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Internet Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td><binary data> "Google Toolbar"</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">ITBar7Height "ITBar7Height"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound"><binary data> "ITBar7Layout"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.4.2_01"<br>hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab</td>
<td>"JavaSoft / Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} "Java Plug-in 1.4.2_01"<br>hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab</td>
<td>"JavaSoft / Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control"<br>hxxp://download.eset.com/special/eos/OnlineScanner.cab</td>
<td>"ESET"</td>
<td>C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"<br>hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\WINDOWS\system32\Macromed\Flash\Flash11g.ocx</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td><binary data> "Google Toolbar"</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper"</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO"</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Logon</td>
</tr>
<tr>
<td class="reg" colspan="6">%AllUsersProfile%\Startmenü\Programme\Autostart</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">%UserProfile%\Startmenü\Programme\Autostart</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Dokumente und Einstellungen\Nirmala\Startmenü\Programme\Autostart\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"swg"</td>
<td>"Google Inc."</td>
<td>"C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ATSwpNav"</td>
<td>"AuthenTec, Inc."</td>
<td>"C:\Programme\Fingerprint Sensor\ATSwpNav" -run</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"avgnt"</td>
<td>"Avira Operations GmbH & Co. KG"</td>
<td>"C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"LtMoh"</td>
<td>"Agere Systems"</td>
<td>C:\Programme\ltmoh\Ltmoh.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td class="nodetails">"SunJavaUpdateSched"</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td class="group" colspan="6">Print Monitors</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Microsoft Document Imaging Writer Monitor"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mdimon.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Services</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32)</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ASP.NET-Zustandsdienst" (aspnet_state)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Avira Echtzeit Scanner" (AntiVirService)</td>
<td>"Avira Operations GmbH & Co. KG"</td>
<td>C:\Programme\Avira\AntiVir Desktop\avguard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Avira Planer" (AntiVirSchedulerService)</td>
<td>"Avira Operations GmbH & Co. KG"</td>
<td>C:\Programme\Avira\AntiVir Desktop\sched.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Software Updater" (gusvc)</td>
<td>"Google"</td>
<td>C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Update Service (gupdate)" (gupdate)</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Update-Dienst (gupdatem)" (gupdatem)</td>
<td>"Google Inc."</td>
<td>C:\Programme\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"Hotspot Shield Monitoring Service" (HssWd)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Programme\Hotspot Shield\bin\hsswd.exe</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Hotspot Shield Routing Service" (HssSrv)</td>
<td></td>
<td>C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="nodetails">"Hotspot Shield Service" (hshld)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Programme\Hotspot Shield\bin\openvpnas.exe</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="nodetails">"Hotspot Shield Tray Service" (HssTrayService)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Programme\Hotspot Shield\bin\HssTrayService.EXE</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Machine Debug Manager" (MDM)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Office Source Engine" (ose)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Windows CardSpace" (idsvc)</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Windows Defender" (WinDefend)</td>
<td class="notfound"></td>
<td class="notfound">C:\Programme\Windows Defender\mpsvc.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0)</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Winlogon</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Control Panel\IOProcs</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"MVB"</td>
<td class="notfound"></td>
<td class="notfound">mvfs32.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"WgaLogon"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\WgaLogon.dll</td>
<td>File exists</td>
</tr>
</table>
<p>If You have questions or want to get some help, You can visit <a href="hxxp://forum.online-solutions.ru" target="_blank">hxxp://forum.online-solutions.ru</a></p>
</body></html>

3. aswMBR scan:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-16 10:05:27
-----------------------------
10:05:27.156    OS Version: Windows 5.1.2600 Service Pack 3
10:05:27.156    Number of processors: 1 586 0xD08
10:05:27.156    ComputerName: SEIDL-PRI9PQQLM  UserName: Nirmala
10:05:28.343    Initialize success
10:15:39.921    AVAST engine defs: 12061501
10:15:58.546    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:15:58.546    Disk 0 Vendor: TOSHIBA_MK6006GAH BZ002A Size: 57231MB BusType: 3
10:15:58.562    Disk 0 MBR read successfully
10:15:58.562    Disk 0 MBR scan
10:15:58.625    Disk 0 Windows XP default MBR code
10:15:58.625    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        57223 MB offset 63
10:15:58.640    Disk 0 scanning sectors +117194175
10:15:58.750    Disk 0 scanning C:\WINDOWS\system32\drivers
10:16:16.953    Service scanning
10:16:39.843    Modules scanning
10:16:47.078    Disk 0 trace - called modules:
10:16:47.109    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
10:16:47.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864fbab8]
10:16:47.515    3 CLASSPNP.SYS[f7650fd7] -> nt!IofCallDriver -> \Device\00000075[0x86592f18]
10:16:47.515    5 ACPI.sys[f74c6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x864c7940]
10:16:48.156    AVAST engine scan C:\WINDOWS
10:17:06.171    AVAST engine scan C:\WINDOWS\system32
10:21:06.578    AVAST engine scan C:\WINDOWS\system32\drivers
10:21:30.375    AVAST engine scan C:\Dokumente und Einstellungen\Nirmala
10:29:40.765    AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:30:07.171    Scan finished successfully
11:48:16.093    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Nirmala\Desktop\MBR.dat"
11:48:16.109    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Nirmala\Desktop\aswMBR.scan.txt"
         

Thanks for the screening!

Best regards,
Nirmala

Last edited by cosinus (18.06.2012 at 11:16) Reason: CODE tags
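The text-format OSAM report that cosinus asks for (the layout shown in the later post of this thread) can be triaged mechanically instead of by eye. What follows is an added example written for this page, not OSAM's own code and not part of any post: it parses the report's `[Section]` / `-----( location )-----` / entry layout and groups the entries a log reviewer checks first: registry entries whose target file is gone (orphaned service and driver keys such as the ComboFix `catchme` leftover), entries with no publisher information (`?`), and entries that launch from a user profile. The sample report is constructed in that layout; the `sysupd` entry in it is hypothetical, and the profile-path check assumes the German and English XP profile roots plus the Vista+ `\Users\` layout.

```python
"""Triage helper for the plain-text report saved by OSAM Autorun Manager.

Added example for this thread, not OSAM's own code. It parses the text
report and groups the autorun entries a reviewer looks at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the OSAM text-report layout. The "sysupd" line is a
# hypothetical entry added to exercise the checks; it is not from the thread.
SAMPLE_REPORT = r"""
Report of OSAM: Autorun Manager v5.0.11926.0
Saved at 10:05:29 on 18.06.2012

Filters
[ ] Trusted entries
[x] Not found files

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"sysupd" - ? - C:\Dokumente und Einstellungen\Nirmala\Anwendungsdaten\sysupd.exe
"""

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
LOCATION_RE = re.compile(r"^-----\( (?P<location>.+?) \)-----$")
# name - publisher - path  (status); the publisher is quoted or a bare "?"
ENTRY_RE = re.compile(
    r'^(?P<name>.+?) - (?P<publisher>"[^"]*"|\?) - (?P<path>.*?)'
    r"(?:\s+\((?P<status>[^()]*)\))?$"
)
# "display name" (registry key): split the two parts when the key is present
NAME_RE = re.compile(r'^"(?P<name>[^"]*)"(?: \((?P<key>[^)]*)\))?$')
# Assumed profile roots: German XP, English XP, Vista and later
USER_PROFILE_RE = re.compile(
    r"\\(Dokumente und Einstellungen|Documents and Settings|Users)\\", re.IGNORECASE
)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]
    publisher: Optional[str]  # None when OSAM printed "?"
    path: str
    status: Optional[str]     # e.g. "File not found"; None when the file exists


def parse_report(text: str) -> List[Entry]:
    """Walk the report, tracking the current [Section] and -----( location )-----."""
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m["location"]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, scanner-settings and filter lines
        name, key = m["name"], None
        nm = NAME_RE.match(name)
        if nm:
            name, key = nm["name"], nm["key"]
        publisher = None if m["publisher"] == "?" else m["publisher"].strip('"')
        entries.append(Entry(section, location, name, key, publisher,
                             m["path"].strip('"'), m["status"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries by what a reviewer should check first."""
    findings: Dict[str, List[Entry]] = {"orphaned": [], "no_publisher": [], "user_profile_path": []}
    for e in entries:
        if e.status and "not found" in e.status.lower():
            # Key survives but the file is gone: leftover of a removed tool or driver
            findings["orphaned"].append(e)
            continue
        if e.publisher is None:
            findings["no_publisher"].append(e)
        if USER_PROFILE_RE.search(e.path):
            findings["user_profile_path"].append(e)
    return findings


def summarize(findings: Dict[str, List[Entry]]) -> List[str]:
    """One line per flagged entry, in a form that can be pasted into a reply."""
    lines = []
    for kind, items in findings.items():
        for e in items:
            lines.append(f"[{kind}] {e.name} ({e.key or '-'}) -> {e.path}  [{e.section} / {e.location}]")
    return lines


if __name__ == "__main__":
    for line in summarize(triage(parse_report(SAMPLE_REPORT))):
        print(line)
```

Run against a real saved report (`parse_report(open("osam.log", encoding="utf-8").read())`) the orphaned group is the list of keys to clean up after a removal, and the other two groups are the entries worth looking up before deciding anything; a missing publisher alone is not proof of malware, as the Hotspot Shield services in the thread's own log show.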

Alt 17.06.2012, 20:44   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
You created the OSAM log incorrectly!
It should be saved as a log and not in HTML format!

Old 18.06.2012, 09:08   #29
nirmala
Hi,

here is the new OSAM scan:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 10:05:29 on 18.06.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ATCPanel.cpl" - "AuthenTec, Inc." - C:\WINDOWS\system32\ATCPanel.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\jpicpl32.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ProDyne DSL Adapter" (PDDSLADP) - "ProDyne" - C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.4.2_01" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll / Java Plug-in Technology
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} "Java Plug-in 1.4.2_01" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll / Java Plug-in Technology
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11g.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Nirmala\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATSwpNav" - "AuthenTec, Inc." - "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"LtMoh" - "Agere Systems" - C:\Programme\ltmoh\Ltmoh.exe
"SunJavaUpdateSched" - ? - C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Programme\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)
"Hotspot Shield Routing Service" (HssSrv) - ? - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
"Hotspot Shield Service" (hshld) - ? - C:\Programme\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)
"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Defender" (WinDefend) - ? - C:\Programme\Windows Defender\mpsvc.dll  (File not found)
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

Thanks, regards,
N.

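What the helper does by eye with a report like the one above (look for entries with no publisher data, targets that no longer exist, and autoruns living in user-writable folders) can be scripted. The following is an added example, not part of this thread and not OSAM's own code; it parses constructed lines in the same OSAM v5 report layout, and the severity rules and the "updater" entry are assumptions made for illustration.

```python
import re

# Constructed sample in the OSAM v5 report layout; the "updater" entry is invented
# to exercise the user-profile rule. It is not the log posted in the thread.
SAMPLE_LOG = r'''
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"SunJavaUpdateSched" - ? - C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe  (File found, but it contains no detailed information)
"updater" - ? - "C:\Dokumente und Einstellungen\User\Anwendungsdaten\updater.exe"
'''

# One entry: optional {CLSID} or <binary data> prefix, quoted name, optional (id),
# publisher in quotes or "?", then the path and an optional "  (note)" tail.
ENTRY_RE = re.compile(r'^(?:\S+ |<binary data> )?"(?P<name>[^"]*)"(?: \((?P<ident>[^)]*)\))?'
                      r' - (?P<vendor>"[^"]*"|\?) - (?P<rest>.*)$')

# Assumption used for scoring: an autorun without publisher data that lives in a
# user-writable profile directory deserves the first look.
USER_DIRS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\", "\\temp\\")

def split_rest(rest):
    """Split OSAM's 'path  (note)' tail; the note always follows two spaces."""
    if "  (" in rest:
        path, note = rest.split("  (", 1)
        return path.strip(), note.rstrip().rstrip(")")
    return rest.strip(), None

def triage(log_text):
    """Return the entries a helper would check first, with section, key and reason."""
    findings, section, location = [], None, None
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]                                  # e.g. [Logon]
        elif line.startswith("-----("):
            location = line.strip("- ").strip("()").strip()       # registry key or folder
        elif (m := ENTRY_RE.match(line)):
            path, note = split_rest(m.group("rest"))
            vendor = m.group("vendor").strip('"')
            if note and note.startswith("File not found"):
                severity, reason = "low", "orphaned entry, target missing (cleanup candidate)"
            elif vendor != "?":
                continue                                          # signed/known publisher
            elif any(k in path.lower() for k in USER_DIRS):
                severity, reason = "high", "no publisher data, runs from a user-writable directory"
            else:
                severity, reason = "medium", "no publisher data, verify the file hash"
            findings.append({"section": section, "location": location, "name": m.group("name"),
                             "path": path, "severity": severity, "reason": reason})
    return findings
```

On the constructed sample, `triage(SAMPLE_LOG)` returns three findings: the orphaned shell extension (low), jusched.exe without version information (medium) and the invented profile-directory autorun (high).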
Old 18.06.2012, 11:17   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
