
Log analysis and evaluation: My PC is acting up too....


24.07.2010, 14:28   #1
airwavemagic

My PC is acting up too....



...and I too hope that someone will help me understand the following log -- various searches have got me nowhere. And I hope that clicking "fix selected items" as a test hasn't already caused some damage. Sorry for being so

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:29, on 24.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xxx\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT1750559
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8985 bytes
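As an added example (not from the thread and not part of HijackThis), a rule-based triage of the log lines posted above: it flags the conduit start page, the orphaned O3 toolbar, the O4 entry that names a bare file and the service without publisher, while leaving the Adobe and Symantec entries alone. The list of expected start-page hosts is an assumption made for the example.

```python
"""Rule-based triage for HijackThis v2 log lines.

Added example; not part of the thread or of HijackThis itself. It applies the
checks a helper performs by eye when reading such a log: which browser start
page / search entries point at a host the user did not choose, which O2/O3
entries are orphaned, which O4 autostarts use a bare file name, and which O23
services carry no publisher.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed from lines of the HijackThis log posted in this thread
# (the "h**p" defanging is the board's own).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT1750559
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Start pages / search providers the owner of this machine would expect.
# Assumption for the example: anything else is worth a question to the user.
EXPECTED_HOSTS = {"www.google.com", "www.google.ch", "www.bing.com", "www.msn.com"}

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
URL_HOST_RE = re.compile(r"(?:h\*\*p|hxxp|https?)://([^/?:\s]+)", re.IGNORECASE)
O4_RE = re.compile(r"^(HK\S*?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


@dataclass
class Finding:
    section: str
    severity: str  # "review" | "orphan" | "info"
    reason: str
    raw: str


def _check_browser(section: str, body: str) -> Optional[Finding]:
    """R0/R1: flag a start page or search URL whose host is not an expected one."""
    m = URL_HOST_RE.search(body)
    if not m:
        return None
    host = m.group(1).lower()
    if host in EXPECTED_HOSTS:
        return None
    return Finding(section, "review", f"browser start/search page points at {host}", body)


def _check_bho_toolbar(section: str, body: str) -> Optional[Finding]:
    """O2/O3: an entry whose DLL is gone is a leftover registration, not running code."""
    if body.endswith("(no file)"):
        return Finding(section, "orphan", "registered COM object has no file on disk", body)
    return None


def _check_autostart(section: str, body: str) -> Optional[Finding]:
    """O4: a Run value naming a bare file is resolved through the search path,
    so which binary actually starts has to be verified on the machine."""
    m = O4_RE.match(body)
    if not m:
        return None
    hive, name, command = m.groups()
    # Quoted command: executable is everything up to the closing quote.
    exe = command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ", 1)[0]
    if "\\" not in exe:
        return Finding(section, "review",
                       f"autostart [{name}] in {hive} uses bare file name {exe}; resolution must be verified",
                       body)
    return None


def _check_service(section: str, body: str) -> Optional[Finding]:
    """O23: 'Unknown owner' means the service binary has no publisher in its version info."""
    if " - Unknown owner - " in body:
        return Finding(section, "info", "service binary carries no publisher information", body)
    return None


CHECKS: Dict[str, Callable[[str, str], Optional[Finding]]] = {
    "R0": _check_browser, "R1": _check_browser,
    "O2": _check_bho_toolbar, "O3": _check_bho_toolbar,
    "O4": _check_autostart, "O23": _check_service,
}


def triage(log_text: str) -> List[Finding]:
    """Run every section-specific check over the log and collect the findings in order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        check = CHECKS.get(section)
        if check is not None:
            finding = check(section, body)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.severity:7} {f.reason}")
```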

25.07.2010, 10:18   #2
airwavemagic

Hm, no reply -- does that perhaps mean you need to know more to interpret the log? But what?

The problem with my notebook is that it recently became extremely slow all of a sudden. At that moment it had been sitting unused for two hours, and the only thing different from usual was that in those days a colleague had been using Facebook intensively (which I never use).

I then ran the clean-up and defragmentation functions under the drive properties several times and uninstalled superfluous programs as rigorously as possible (unfortunately the audio driver was among them, and it was quite tedious to find it again on the net).

Sometimes I can now work quite acceptably again (at startup, however, it still takes quite a long time, and when starting e.g. Firefox, the hard-disk LED stays lit for 1-2 minutes until the program finally appears).

Now, for the third time (in completely different situations), the blue screen with white text has appeared: problem detected, windows is shutting down, attempt to execute non-executable memory -- and a bit further down the stop info: 0x000000FC (0x00760065, 0x31846867, 0xF79E5DE4, 0x00000000), where the second number in the parentheses had previously read 0x3A487867 and 0x1C5FD025 respectively.

Is that any indication of malware or the like?


25.07.2010, 15:58   #3
markusg
/// Malware-holic

tell us what your problem actually is.

25.07.2010, 16:04   #4
airwavemagic

My problem is precisely that the machine is at times strangely busy somehow (I can't spot anything suspicious in the processes, though admittedly I don't really know what to look for) and there is constant access to the hard disk -- and the described system crash ("attempt to execute non-executable memory") has already happened three times.

Could this have anything to do with the topics that are the subject of this forum?

25.07.2010, 16:23   #5
markusg
/// Malware-holic

we'll see soon :-)
download malwarebytes:
Malwarebytes
install, update via the update tab.
then shut down all running programs, antivirus too.
disconnect the internet connection by switching off wlan or pulling the network cable.
now start a full scan, delete any findings, post the log after re-enabling internet and antivirus.
otl:
System scan with OTL
download otl:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports will be created:
OTL.Txt
Extras.Txt
post both


25.07.2010, 23:05   #6
airwavemagic

Many thanks for the tip. Was the second part (OTL) meant as a second step or as a (dispensable) alternative? I've carried out the first part (see below). One hit was found, but somehow that sounded too harmless to be the real cause of the crashes, didn't it?

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4346

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25.07.2010 22:02:01
mbam-log-2010-07-25 (22-02-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 175407
Time elapsed: 3 hour(s), 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\D3DX8ab.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

26.07.2010, 12:18   #7
markusg
/// Malware-holic

no, as a second step :-)

27.07.2010, 20:41   #8
airwavemagic

So, now the second step is done as well, and of course I'm curious whether anyone can read anything from this report -- it's all Greek to me...
OTL Logfile:
Code:
OTL logfile created on: 27.07.2010 19:20:12 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\York\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
1'014.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 27.66 Gb Free Space | 49.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: YORK-9F8D73CD96
Current User Name: York
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\York\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
PRC - C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\CBA\XFR.EXE (Intel Corporation)
PRC - C:\WINDOWS\system32\CBA\PDS.EXE (Intel Corporation)
PRC - C:\WINDOWS\system32\MSGSYS.EXE (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\York\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (Norton AntiVirus Server) -- C:\Program Files\NavNT\rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\NavNT\defwatch.exe (Symantec Corporation)
SRV - (Intel File Transfer) -- C:\WINDOWS\system32\CBA\XFR.EXE (Intel Corporation)
SRV - (Intel PDS) -- C:\WINDOWS\system32\CBA\PDS.EXE (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDC_SAM) -- C:\WINDOWS\System32\DRIVERS\wdcsam.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS (Symantec Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVAP) -- C:\Program Files\NavNT\navap.sys ()
DRV - (NAVAPEL) -- C:\Program Files\NavNT\Navapel.sys ()
DRV - (QCEmerald) -- C:\WINDOWS\system32\drivers\OVCE.sys (Microsoft Corporation)
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-507921405-152049171-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\S-1-5-21-507921405-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.073
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 16:44:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 00:40:09 | 000,000,000 | ---D | M]
 
[2010.02.26 22:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Mozilla\Extensions
[2010.07.26 01:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\extensions
[2010.07.25 22:44:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.13 21:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010.07.26 01:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.29 11:55:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.29 11:55:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
[2010.07.05 15:01:59 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.05 15:01:59 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.14 22:56:09 | 000,000,143 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src
[2010.07.05 15:01:59 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.05 15:02:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.05 15:02:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-1606980848-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-507921405-152049171-1606980848-1003\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-507921405-152049171-1606980848-1003..\Run: [GBMLite8AgentLaCie] C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKU\S-1-5-21-507921405-152049171-1606980848-1003..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\York\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-152049171-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.12 19:10:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{73553f62-6b08-11df-9c05-00188ba89ece}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.25 17:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Malwarebytes
[2010.07.25 17:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.07.24 17:01:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.07.24 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.24 11:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Uniblue
[2010.07.18 19:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\My Documents\=Katja=
[2010.07.18 18:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.07.14 23:23:05 | 000,339,968 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2010.07.14 23:21:34 | 000,172,032 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2010.07.14 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010.07.14 22:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Gutscheinmieze
[2010.07.14 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010.07.14 18:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2010.07.14 18:35:54 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010.07.13 21:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.07.09 17:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010.07.05 16:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Application Data\Google
[2010.07.05 16:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010.07.05 16:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Local Settings\Application Data\Temp
[2010.07.05 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.07.05 16:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\Local Settings\Application Data\Google
[2010.07.05 12:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\MaxPunkte 6
[2010.07.05 12:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\York\My Documents\MaxPunkte
[2010.07.05 12:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MaxPunkte
[2010.06.28 14:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.27 18:23:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.27 18:22:20 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2010.07.27 18:21:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.27 18:21:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.27 18:21:05 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.26 01:49:19 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\York\NTUSER.DAT
[2010.07.26 01:49:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\York\ntuser.ini
[2010.07.25 00:45:17 | 000,000,614 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.25 00:45:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.25 00:45:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.07.24 16:34:45 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\York\Desktop\CCleaner.lnk
[2010.07.22 19:07:38 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\York\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 09:54:56 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\York\Desktop\PowerPoint 2007.lnk
[2010.07.08 13:09:07 | 000,211,968 | ---- | M] () -- C:\Documents and Settings\York\My Documents\FormResearchPlan[1]_tb100707_knk.doc
[2010.07.06 22:49:29 | 002,279,936 | ---- | M] () -- C:\Documents and Settings\York\My Documents\Copy of WM Tippspiel_Halbfinals.xls
[2010.07.06 14:04:04 | 002,279,424 | ---- | M] () -- C:\Documents and Settings\York\My Documents\Copy of WM Tippspiel.xls
[2010.07.06 13:51:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\York\Desktop\Office Excel 2007.lnk
[2010.07.01 21:51:43 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\York\My Documents\JobDescription YL -- Version Jul2010.doc
[2010.06.28 14:44:48 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\York\g2mdlhlpx.exe
[2010.06.27 22:59:41 | 000,493,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.27 22:59:41 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.27 22:59:41 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.25 00:45:17 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\York\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010.07.24 16:34:45 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\York\Desktop\CCleaner.lnk
[2010.07.18 18:59:55 | 000,211,968 | ---- | C] () -- C:\Documents and Settings\York\My Documents\FormResearchPlan[1]_tb100707_knk.doc
[2010.07.06 22:49:29 | 002,279,936 | ---- | C] () -- C:\Documents and Settings\York\My Documents\Copy of WM Tippspiel_Halbfinals.xls
[2010.07.01 20:33:35 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\York\My Documents\JobDescription YL -- Version Jul2010.doc
[2010.06.28 14:44:47 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\York\g2mdlhlpx.exe
[2010.04.24 10:58:37 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Maus2.INI
[2010.02.28 18:47:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010.02.28 18:38:30 | 000,000,244 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.02.28 18:32:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.02.28 18:13:17 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2010.02.28 18:12:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.02.27 19:22:29 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010.02.27 19:22:29 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010.02.27 19:22:29 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010.02.27 19:22:29 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010.02.27 19:22:29 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini
[2010.02.27 19:22:29 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010.02.27 19:22:29 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010.02.27 19:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BROHL143.INI
[2010.02.27 19:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010.02.27 19:22:28 | 000,013,109 | ---- | C] () -- C:\WINDOWS\HL-1430.INI
[2010.02.27 19:22:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.02.27 19:22:17 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010.02.27 19:22:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010.02.27 17:39:07 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010.02.12 21:06:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010.02.12 21:06:06 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010.02.12 20:01:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 13:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001.09.24 08:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[1997.06.06 11:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
 
========== LOP Check ==========
 
[2010.03.08 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010.02.27 17:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.03.13 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010.02.15 14:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010.05.29 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer
[2010.05.29 22:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer Pro
[2010.02.27 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Canon
[2010.07.24 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Delicious IE Extension
[2010.04.23 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\FileZilla
[2010.06.03 20:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Genie-soft
[2010.07.20 22:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Gutscheinmieze
[2010.04.03 10:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Information Factory
[2010.02.28 18:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Panasonic
[2010.02.27 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\ScanSoft
[2010.07.24 11:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.02.27 19:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010.03.08 22:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010.07.13 21:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.02.27 17:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010.07.25 17:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.07.13 21:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010.02.12 20:59:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010.02.12 21:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010.02.27 17:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.02.15 13:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010.03.08 21:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010.03.13 18:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.02.28 18:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010.03.13 18:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010.03.29 21:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.05 21:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Adobe
[2010.03.13 21:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\AdobeUM
[2010.05.29 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer
[2010.05.29 22:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\BSplayer Pro
[2010.02.27 18:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Canon
[2010.07.24 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Delicious IE Extension
[2010.04.23 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\FileZilla
[2010.06.03 20:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Genie-soft
[2010.07.05 16:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Google
[2010.07.20 22:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Gutscheinmieze
[2010.02.12 19:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Identities
[2010.04.03 10:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Information Factory
[2010.02.28 18:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\InstallShield
[2010.02.28 14:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Macromedia
[2010.07.25 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Malwarebytes
[2010.06.05 15:18:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\York\Application Data\Microsoft
[2010.02.26 22:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Mozilla
[2010.02.28 18:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Panasonic
[2010.02.27 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\ScanSoft
[2010.03.13 18:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Sun
[2010.07.24 11:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\York\Application Data\Uniblue
 
< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\FFDShow\unins000.exe
[2009.11.14 19:11:36 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\dsmux.exe
[2009.11.14 19:33:40 | 000,357,888 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\gdsmux.exe
[2009.11.14 19:11:36 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.02.23 16:00:42 | 000,042,288 | ---- | M] () -- C:\Documents and Settings\York\Application Data\BSplayer\Haali media splitter\uninstall.exe
[2010.04.12 14:33:56 | 000,825,344 | ---- | M] (Synatix GmbH) -- C:\Documents and Settings\York\Application Data\Gutscheinmieze\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 10:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 10:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2009.01.04 18:43:34 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=F113CB0CD335B41D55AB7803ECAD7739 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\Core\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\WINDOWS\Dell\Intel\IaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2008.01.21 20:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.02.12 10:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.02.12 10:52:08 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.02.12 10:52:07 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
         
--- --- ---

27.07.2010, 20:56   #9
markusg
/// Malware-holic

My PC is stuck too....

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the following into the text box.

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O4 - HKLM..\Run: [CmPCIaudio] File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Files
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O33 - MountPoints2\{73553f62-6b08-11df-9c05-00188ba89ece}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; post it.

Use CCleaner to clean files + registry:
http://www.trojaner-board.de/51464-a...-ccleaner.html
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
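
Added example (not part of this thread, and not OTL's or markusg's code): a small Python triage helper for OTL output in the line format shown above. It does the two things a helper does by hand when writing a fix like the one in this post: it picks out the `Oxx` registry entries whose target is gone ("File not found" / "No CLSID value found", the candidates for the `:OTL` and `:Files` sections), and it walks the `< MD5 for: ... >` sections to find copies of the same Microsoft file whose hashes disagree, which is how a patched system driver shows up in such a log. The sample lines are copied from the OTL output and fix script in this thread; the one all-zero MD5 is a constructed placeholder added to show a mismatch, and all function names are the example's own.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from collections import defaultdict

# Markers OTL prints when a registry entry points at something that no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# File-style OTL line, e.g.
# [2008.04.14 10:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=... -- C:\path\file.sys
FILE_LINE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<cm>[CM])\] "
    r"\((?P<company>[^)]*)\)(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
# Section header of OTL's hash check, e.g. "< MD5 for: ATAPI.SYS  >"
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

# Sample lines copied from the OTL output and the fix script in this thread.
SAMPLE_OTL = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found",
    r"O4 - HKLM..\Run: [CmPCIaudio] File not found",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r'O33 - MountPoints2\{73553f62-6b08-11df-9c05-00188ba89ece}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found',
    r"NetSvcs: 6to4 -  File not found",   # normal on XP and not an Oxx line, so not flagged
]

PLACEHOLDER_MD5 = "0" * 32   # constructed placeholder, not a real hash
SAMPLE_MD5 = [
    "< MD5 for: ATAPI.SYS  >",
    r"[2008.04.14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys",
    r"[2008.04.14 10:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys",
    # constructed: same size and vendor string as the dllcache copy, but a different hash
    r"[2008.04.14 10:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=" + PLACEHOLDER_MD5 + r" -- C:\WINDOWS\system32\drivers\atapi.sys",
    " ",
    "< MD5 for: EVENTLOG.DLL  >",
    r"[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll",
    r"[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll",
    r"[2009.01.04 18:43:34 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=F113CB0CD335B41D55AB7803ECAD7739 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\Core\EventLog.dll",
]


def find_orphans(lines):
    """Return the Oxx registry lines whose target file or CLSID is missing.
    These are the candidates a helper puts under :OTL / :Files in a fix script."""
    return [s for s in (l.strip() for l in lines)
            if re.match(r"^O\d+ - ", s) and any(m in s for m in ORPHAN_MARKERS)]


def parse_file_line(line):
    """Parse one '[ts | size | attrs | C/M] (company) [MD5=..] -- path' line; None otherwise."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def md5_mismatches(lines):
    """Compare the copies listed under each '< MD5 for: NAME >' header.
    Copies are grouped by (file name, company string); a group whose members
    carry different MD5s is returned. A different vendor's file that merely
    shares the name (the Panasonic EventLog.dll) stays in its own group, and
    entries without an MD5 (files inside a .cab) are skipped."""
    groups = defaultdict(list)
    current = None
    for raw in lines:
        s = raw.strip()
        header = MD5_HEADER.match(s)
        if header:
            current = header.group("name").upper()
            continue
        if not s:
            current = None          # a blank line closes the section
            continue
        rec = parse_file_line(s) if current else None
        if rec and rec["md5"]:
            groups[(current, rec["company"])].append((rec["md5"].upper(), rec["path"]))
    return {key: copies for key, copies in groups.items()
            if len({md5 for md5, _ in copies}) > 1}


def triage(otl_lines):
    """Run both checks over a full OTL log and return the findings."""
    return {"orphans": find_orphans(otl_lines), "md5_mismatches": md5_mismatches(otl_lines)}


if __name__ == "__main__":
    report = triage(SAMPLE_OTL + SAMPLE_MD5)
    for line in report["orphans"]:
        print("orphan entry:", line)
    for (name, company), copies in report["md5_mismatches"].items():
        print(f"MD5 mismatch for {name} ({company}):")
        for md5, path in copies:
            print(f"   {md5}  {path}")
```

Run it against a saved OTL.txt by reading the file into a list and passing it to `triage()`. Grouping the hash check by company string rather than by file name alone is deliberate: the Panasonic EventLog.dll in the log above is a different product that happens to share a name, whereas two "Microsoft Corporation" copies of the same size with different hashes are worth a closer look.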

27.07.2010, 21:50   #10
airwavemagic

My PC is stuck too....

Thanks for the reply -- before I do that, one more question: in the meantime a message from Norton AntiVirus came up:

Prüfungstyp: Echtzeitschutz Prüfung
Ereignis: Virus festgestellt!
Virusname: Bloodhound.MalPE
Datei: C:\System Volume Information\_restore{FBB22C24-B5D2-43B4-8F4F-81EC7A20B631}\RP94\A0018844.dll
Ablageort: Isolieren
Computer: YORK-9F8D73CD96
Benutzer: SYSTEM
Durchgeführte Aktion: Säubern fehlgeschlagen : Isolieren erfolgreich : Zugriff verweigert
Gefundenes Datum: Tue Jul 27 21:03:10 2010

I have not had a message like this in ages (ever?). Is there a connection? Should I still run the OTL fix?

Thanks for the help!!!

27.07.2010, 23:45   #11
airwavemagic

My PC is stuck too....

Oops, there was also the second OTL report (just as incomprehensible to me) -- but the question remains: regardless of the virus message, run the OTL fix next?
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.07.2010 19:20:12 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\York\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
1'014.00 Mb Total Physical Memory | 447.00 Mb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 27.66 Gb Free Space | 49.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: YORK-9F8D73CD96
Current User Name: York
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-507921405-152049171-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Brother HL-1430" = Brother HL-1430
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"DW WLAN Card Utility" = DW WLAN Card Utility
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"WebmailSync_is1" = WebmailSync 1.17
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.06.2010 16:15:08 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 10.06.2010 16:15:09 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 10.06.2010 16:15:10 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 10.06.2010 16:15:10 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 11.06.2010 16:54:36 | Computer Name = YORK-9F8D73CD96 | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1705.A
 previous installation for this product is in progress.  You must undo the changes
 made by that installation to continue.  Do you want to undo those changes?
 
Error - 17.06.2010 16:53:03 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 17.06.2010 16:53:03 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 17.06.2010 16:53:04 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 17.06.2010 16:53:04 | Computer Name = YORK-9F8D73CD96 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 27.06.2010 12:35:27 | Computer Name = YORK-9F8D73CD96 | Source = McLogEvent | ID = 5051
Description = 
 
[ System Events ]
Error - 18.07.2010 11:45:19 | Computer Name = YORK-9F8D73CD96 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
 service and therefore cannot download and install updates according to the set 
schedule. Windows will continue to try to establish a connection.
 
Error - 18.07.2010 15:21:08 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 18.07.2010 15:21:08 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 18.07.2010 15:21:10 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 18.07.2010 15:21:10 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 18.07.2010 15:21:13 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 18.07.2010 15:21:13 | Computer Name = YORK-9F8D73CD96 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 20.07.2010 11:23:47 | Computer Name = YORK-9F8D73CD96 | Source = System Error | ID = 1003
Description = Error code 000000fc, parameter1 00760065, parameter2 3a487867, parameter3
 f79e5de4, parameter4 00000000.
 
Error - 22.07.2010 12:50:06 | Computer Name = YORK-9F8D73CD96 | Source = System Error | ID = 1003
Description = Error code 000000fc, parameter1 00760065, parameter2 1c5fd025, parameter3
 f79e5de4, parameter4 00000000.
 
Error - 24.07.2010 04:02:49 | Computer Name = YORK-9F8D73CD96 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 84.75.63.88 on 
the  Network Card with network address 00188BA89ECE.
 
 
< End of report >

28.07.2010, 14:02   #12
markusg
/// Malware-holic

It looks like an exploit; it is smuggled in over the internet and can take effect if the corresponding security hole has not been closed.
So far I have not seen much that is worrying.
First continue with the OTL fix, then CCleaner and then ComboFix.

28.07.2010, 20:41   #13
airwavemagic

All right then, here is the report from the OTL fix:

All processes killed
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!
Error: Unable to interpret <%APPDATA%\*.> in the current context!
Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <ws2ifsl.sys> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CmPCIaudio not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found not found.
File\Folder O4 - HKLM..\Run: [] File not found not found.
File\Folder O4 - HKLM..\Run: [KernelFaultCheck] File not found not found.
File\Folder O33 - MountPoints2\{73553f62-6b08-11df-9c05-00188ba89ece}\Shell\Shell00\Command - "" = E:\Start.exe -- File not found not found.
File\Folder O34 - HKLM BootExecute: (autocheck autochk *) - File not found not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

28.07.2010, 20:57   #14
markusg
/// Malware-holic

That wasn't the OTL fix; it is in post 9.

28.07.2010, 23:27   #15
airwavemagic

Hm, I meant the "Extras" report and thought that was the fix report. In any case it is the second of the reports produced by OTL.

And here is the report after ComboBox:

Combofix Logfile:
Code:
ComboFix 10-07-27.05 - York 28.07.2010  23:11:49.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.616 [GMT 2:00]
Running from: c:\documents and settings\York\My Documents\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe43.dll
c:\documents and settings\York\g2mdlhlpx.exe

.
(((((((((((((((((((((((((   Files Created from 2010-06-28 to 2010-07-28  )))))))))))))))))))))))))))))))
.

2010-07-28 18:38 . 2010-07-28 18:38	2568656	----a-w-	c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-28 18:37 . 2010-07-28 19:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2010-07-28 17:55 . 2010-07-28 17:55	--------	d-----w-	C:\_OTL
2010-07-25 15:20 . 2010-07-25 15:20	--------	d-----w-	c:\documents and settings\York\Application Data\Malwarebytes
2010-07-25 15:19 . 2010-07-25 15:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-24 14:34 . 2010-07-24 14:34	--------	d-----w-	c:\program files\CCleaner
2010-07-24 09:36 . 2010-07-24 09:36	--------	d-----w-	c:\documents and settings\York\Application Data\Uniblue
2010-07-18 16:26 . 2010-07-18 16:44	--------	d-----w-	c:\windows\system32\NtmsData
2010-07-14 21:23 . 2005-03-22 15:20	339968	----a-w-	c:\windows\stsystra.exe
2010-07-14 21:21 . 2005-11-16 13:35	172032	----a-w-	c:\windows\system32\stacapi.dll
2010-07-14 20:56 . 2010-07-14 20:56	--------	d-----w-	c:\program files\Lavalys
2010-07-14 20:55 . 2010-04-12 12:33	825344	----a-w-	c:\documents and settings\York\Application Data\Gutscheinmieze\uninstall.exe
2010-07-14 20:55 . 2010-07-20 20:42	--------	d-----w-	c:\documents and settings\York\Application Data\Gutscheinmieze
2010-07-14 16:54 . 2010-07-14 16:54	--------	d-----w-	c:\program files\IDT
2010-07-14 16:36 . 2010-07-14 21:21	--------	d-----w-	c:\program files\SigmaTel
2010-07-14 16:35 . 1998-10-29 14:45	306688	----a-w-	c:\windows\IsUninst.exe
2010-07-09 15:49 . 2010-07-09 15:49	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-05 14:40 . 2010-07-05 14:40	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-05 14:40 . 2010-07-05 14:43	--------	d-----w-	c:\documents and settings\York\Local Settings\Application Data\Temp
2010-07-05 14:39 . 2010-07-13 19:46	--------	d-----w-	c:\program files\Google
2010-07-05 14:39 . 2010-07-13 19:01	--------	d-----w-	c:\documents and settings\York\Local Settings\Application Data\Google
2010-07-05 10:09 . 2010-07-05 10:09	--------	d-----w-	c:\program files\MaxPunkte 6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 14:43 . 2010-04-13 18:49	--------	d-----w-	c:\documents and settings\York\Application Data\Delicious IE Extension
2010-07-14 21:21 . 2010-02-12 17:49	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-07-14 19:11 . 2010-07-14 16:54	1164	----a-w-	c:\windows\system32\drivers\sthdae.log
2010-07-13 19:26 . 2010-02-15 11:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee
2010-07-13 19:04 . 2010-06-28 12:47	--------	d-----w-	c:\program files\Citrix
2010-06-14 14:31 . 2010-02-12 17:07	744448	----a-w-	c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-03 18:56 . 2010-06-03 18:56	--------	d-----w-	c:\documents and settings\York\Application Data\Genie-soft
2010-05-29 09:57 . 2010-05-29 09:57	503808	----a-w-	c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fb71b64-n\msvcp71.dll
2010-05-29 09:57 . 2010-05-29 09:57	12800	----a-w-	c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6150a534-n\decora-d3d.dll
2010-05-29 09:57 . 2010-05-29 09:57	61440	----a-w-	c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6150a534-n\decora-sse.dll
2010-05-29 09:57 . 2010-05-29 09:57	499712	----a-w-	c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fb71b64-n\jmc.dll
2010-05-29 09:57 . 2010-05-29 09:57	348160	----a-w-	c:\documents and settings\York\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fb71b64-n\msvcr71.dll
2010-05-29 09:55 . 2010-05-29 09:55	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-05-02 05:22 . 2008-04-14 12:00	1851264	----a-w-	c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-09-26 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GBMLite8AgentLaCie"="c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe" [2008-09-18 189056]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\York\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2010-2-27 25214]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-28 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [27.02.2010 19:28 31872]
S0 cerc6;cerc6; [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [08.03.2010 21:41 90112]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [08.03.2010 21:42 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [08.03.2010 21:42 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [08.03.2010 21:42 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [08.03.2010 21:42 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [08.03.2010 21:42 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [08.03.2010 21:42 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [08.03.2010 21:42 109736]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVAP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\York\Application Data\Mozilla\Firefox\Profiles\9j6o0a3c.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmieze.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************
scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2010-07-28  23:21:38
ComboFix-quarantined-files.txt  2010-07-28 21:21

Pre-Run: 30'241'484'800 bytes free
Post-Run: 30'206'939'136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6ACD5BCC10318849071C97A7527AE51C