Trojaner-Board - Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe (https://www.trojaner-board.de/107359-trojaner-psw-generic-rdx-c-windows-system32-services-exe.html)

Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe

Hallo Liebe Foren-Gemeinde,

mein Großvater hat mir gestern seinen Rechner vorbeigebracht mit einem Problem, er sagte mir er könne nicht mehr Google verwenden und er würde langsam werden.
Es handelt sich um einen Windows XP Rechner mit Installiertem Service Pack 3. Das System ist ein 32 Bit System.

Nachdem ich nun den AVG Virenscanner im normalen Modus laufen lassen habe, hat dieser den Trojaner PSW.Generic.RDX gefunden. Und zwar einmal im RAM und einmal in der services.exe im System32 Ordner. Den im RAM konnte der AVG wohl entfernen, aber den im System32 Ordner wohl nicht.
Also habe ich das ganze noch einmal im Abgesicherten Modus wiederholt, dort hat er aber gar nicht erst etwas gefunden.
Als ich nun den Rechner wieder normal bootete, und AVG erneut Scannen lies (Zur Sicherheit) tauchte der Trojaner immernoch auf und nun noch zusätzlich in der iexplorer.exe

Gibt es eine Möglichkeit das System noch zu säubern oder komme ich um eine Neu-Installation nicht herum?

Habe euch auch die passenden Log Files mit geliefert.

Falls noch etwas gewünscht wird, sagt es ruhig :) Ich Danke schon einmal im Vorraus

OTL.txt

Code:

OTL logfile created on: 31.12.2011 18:33:16 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\xxxxxxx\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1015,17 Mb Total Physical Memory | 436,32 Mb Available Physical Memory | 42,98% Memory free

3,87 Gb Paging File | 3,43 Gb Available in Paging File | 88,62% Paging File free

Paging file location(s): C:\pagefile.sys 3048 4000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 137,04 Gb Total Space | 97,40 Gb Free Space | 71,08% Space Free | Partition Type: NTFS

 

Computer Name: LUFIFESKTOP | User Name: xxxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe

PRC - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

PRC - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe

PRC - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe

PRC - [2011.04.18 16:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe

PRC - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe

PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe

PRC - [2011.03.16 15:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe

PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe

PRC - [2011.02.08 04:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe

PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

MOD - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe

MOD - [2011.12.31 10:45:17 | 000,692,224 | ---- | M] () -- C:\Programme\AVG Secure Search\iGearedHelper.dll

MOD - [2011.11.14 16:06:56 | 000,108,496 | ---- | M] () -- C:\Programme\PC Tools Security\BDT\BSPatch.dll

MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] --  -- (Norton Internet Security)

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)

SRV - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2011.11.22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2011.11.22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2011.04.18 16:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2008.07.16 13:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)

SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)

DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)

DRV - [2011.11.22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)

DRV - [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)

DRV - [2011.11.22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)

DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)

DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)

DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011.04.14 20:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2009.03.23 13:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009.02.20 08:45:28 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009.02.20 08:43:38 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009.02.20 08:42:26 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008.07.16 12:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)

DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007.01.04 08:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2005.12.21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)

DRV - [2005.12.21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)

DRV - [2005.12.21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)

DRV - [2003.07.24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "about:blank|hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q="

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.09.01 12:26:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\9.0.0.18\ [2011.12.31 10:45:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programme\PC Tools Security\BDT\Firefox\ [2011.12.31 14:03:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.10 09:32:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions

[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

[2011.09.10 09:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.12.31 10:45:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\9.0.0.18

[2010.05.09 11:13:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011.12.31 14:03:39 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAMME\PC TOOLS SECURITY\BDT\FIREFOX

[2010.05.11 08:09:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.31 10:45:16 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml

[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - Services: "WTGService"

MsConfig - Services: "WMPNetworkSvc"

MsConfig - Services: "TomTomHOMEService"

MsConfig - Services: "RichVideo"

MsConfig - Services: "Pml Driver HPZ12"

MsConfig - Services: "PCLEPCI"

MsConfig - Services: "osppsvc"

MsConfig - Services: "ose"

MsConfig - Services: "Norton Internet Security"

MsConfig - Services: "JavaQuickStarterService"

MsConfig - Services: "GameConsoleService"

MsConfig - Services: "ETService"

MsConfig - Services: "!SASCORE"

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk - C:\Programme\Belkin\F1U201.401\usbshare.exe - ()

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found

MsConfig - StartUpReg: eRecoveryService - hkey= - key= -  File not found

MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found

MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found

MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found

MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found

MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found

MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found

MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

MsConfig - StartUpReg: USB2Check - hkey= - key= -  File not found

MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.31 18:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxx\Desktop\OTL.exe

[2011.12.31 14:26:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxx\Lokale Einstellungen\Anwendungsdaten\Threat Expert

[2011.12.31 14:03:37 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys

[2011.12.31 14:03:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll

[2011.12.31 14:03:35 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll

[2011.12.31 14:03:35 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll

[2011.12.31 13:59:30 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys

[2011.12.31 13:59:30 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys

[2011.12.31 13:59:23 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

[2011.12.31 13:58:53 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[2011.12.31 13:58:53 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys

[2011.12.31 13:58:35 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys

[2011.12.31 13:58:35 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys

[2011.12.31 13:58:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security

[2011.12.31 13:58:19 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

[2011.12.31 13:58:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools

[2011.12.31 13:20:14 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security

[2011.12.31 13:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools

[2011.12.31 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro

[2011.12.31 10:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Eigene Dateien\Downloads

[2011.12.31 10:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search

[2011.12.31 10:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search

[2011.12.31 10:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search

[2011.12.31 10:45:16 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.31 18:26:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable

[2011.12.31 18:26:40 | 000,460,416 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.12.31 18:26:40 | 000,442,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.12.31 18:26:40 | 000,085,618 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.12.31 18:26:40 | 000,072,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\OTL.exe

[2011.12.31 18:21:26 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe

[2011.12.31 18:21:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.12.31 18:21:14 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.31 18:21:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe

[2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job

[2011.12.31 14:27:09 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk

[2011.12.31 13:59:58 | 000,600,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2011.12.31 13:17:58 | 000,512,992 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe

[2011.12.31 10:54:44 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011.12.31 10:44:33 | 091,376,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011.12.31 10:25:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.12.25 18:26:26 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MAHJONGG.INI

[2011.12.18 21:16:04 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI

[2011.12.16 17:10:10 | 009,412,608 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Meine Finanzen.mny

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.31 18:26:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\defogger_reenable

[2011.12.31 18:26:32 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\53f5srff.exe

[2011.12.31 18:26:21 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\Defogger.exe

[2011.12.31 18:21:14 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys

[2011.12.31 14:27:08 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk

[2011.12.31 14:03:36 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll

[2011.12.31 14:03:36 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip

[2011.12.31 14:03:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml

[2011.12.31 14:03:36 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml

[2011.12.31 14:03:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip

[2011.12.31 13:59:32 | 000,600,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2011.12.31 13:17:59 | 000,512,992 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Desktop\sdsetup_revwire207[1].exe

[2011.12.31 10:54:44 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010.05.13 21:45:43 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll

[2010.05.13 15:56:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MAHJONGG.INI

[2010.05.13 15:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stduser.ini

[2010.05.13 15:36:13 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.13 15:17:13 | 000,128,150 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2010.05.10 17:15:59 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2010.05.10 17:15:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2010.05.10 17:15:57 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin

[2010.05.09 14:04:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini

[2010.05.09 13:23:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2010.05.09 13:10:32 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxxxxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010.05.09 13:06:39 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2010.05.09 13:06:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2010.05.09 13:06:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2010.05.09 13:06:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2010.05.09 13:06:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2010.05.09 10:46:59 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll

[2009.02.26 11:35:25 | 000,460,416 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2009.02.26 11:35:25 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2009.02.26 11:35:25 | 000,085,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2009.02.26 11:35:25 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2009.02.26 11:35:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009.02.26 11:35:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2009.02.26 11:35:19 | 000,442,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2009.02.26 11:35:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2009.02.26 11:35:19 | 000,072,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2009.02.26 11:35:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2009.02.26 11:35:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2009.02.26 11:35:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2009.02.26 11:35:17 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2009.02.26 11:35:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2009.02.26 11:35:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2009.02.26 11:35:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2009.02.26 04:15:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009.02.26 03:07:07 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009.02.26 03:04:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009.02.26 02:53:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe

[2009.02.26 02:53:10 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009.02.26 02:52:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009.02.26 02:48:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009.02.26 02:47:17 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009.02.26 02:43:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009.02.26 02:43:01 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.04.20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2006.01.04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

 
 ========== LOP Check ==========

 

[2011.12.31 10:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search

[2010.11.22 18:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

[2010.11.22 17:38:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10

[2010.11.22 17:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9

[2010.11.22 17:38:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2011.12.31 10:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro

[2011.05.25 15:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2010.05.09 13:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle

[2010.05.09 13:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio

[2011.12.31 18:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp

[2010.05.21 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom

[2009.02.26 03:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent

[2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG Secure Search

[2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\AVG10

[2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\OpenOffice.org

[2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\proDAD

[2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxxxxx\Anwendungsdaten\TomTom

[2011.12.31 17:13:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.
 

 >

[2011.07.15 12:10:53 | 000,000,000 | -H-D | M] -- C:\$AVG

[2010.05.09 11:59:02 | 000,000,000 | ---D | M] -- C:\a46e3e7a20cc69a3039b15ac07

[2010.05.09 10:56:54 | 000,000,000 | -H-D | M] -- C:\ACER

[2010.05.09 10:56:48 | 000,000,000 | -H-D | M] -- C:\ACERSW

[2010.05.13 15:27:03 | 000,000,000 | ---D | M] -- C:\bin

[2009.02.26 03:09:39 | 000,000,000 | ---D | M] -- C:\Book

[2011.12.31 13:59:05 | 000,000,000 | -H-D | M] -- C:\Config.Msi

[2011.09.27 14:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2008.09.11 08:23:36 | 000,000,000 | ---D | M] -- C:\DOTNETFX

[2011.09.10 09:30:48 | 000,000,000 | ---D | M] -- C:\Downloads

[2011.08.31 22:33:59 | 000,000,000 | ---D | M] -- C:\i386

[2009.02.26 02:58:04 | 000,000,000 | ---D | M] -- C:\Intel

[2010.06.14 17:37:06 | 000,000,000 | ---D | M] -- C:\Microsoft Money Sicherung

[2011.01.23 15:38:28 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2010.05.09 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files

[2011.12.31 13:20:14 | 000,000,000 | R--D | M] -- C:\Programme

[2010.05.09 11:12:16 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2011.12.31 13:59:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2008.09.11 08:23:33 | 000,000,000 | ---D | M] -- C:\VALUEADD

[2011.12.31 18:22:02 | 000,000,000 | ---D | M] -- C:\WINDOWS

 
 < %PROGRAMFILES%\*.exe
 

 >

 

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s
 

 >

 
 < %systemroot%\system32\*.manifest /3
 

 >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

 
 < MD5 for: AFD.SYS  >

[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys

[2008.04.14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys

[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys

[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\drivers\afd.sys

[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys

[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys

[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys

[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys

[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys

[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys

[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys

[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys

 
 < MD5 for: EXPLORER.EXE  >

[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

 
 < MD5 for: IPSEC.SYS  >

[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys

[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

 
 < MD5 for: REGEDIT.EXE  >

[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\i386\REGEDIT.EXE

[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe

[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

 >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.06.06 12:35:26 | 001,859,072 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

 >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-09 11:47:58

 
 <  >

 
 <  >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 207 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84
 

< End of report >

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Es scheint auf jeden Fall schon etwas gebracht zu haben. Ich kann endlich wieder die Browser nutzen und nun auch die Logfiles direkt von dem Rechner hochladen.
Jedoch musste ich zwei Programme deinstallieren:
PC Tools und Browser Defender keine Ahnung was das beides war.

Ältere Logs von Malware Bytes hänge ich dir an.

Log Von Malware Bytes:

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.02.04
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Ludi :: LUFIFESKTOP [Administrator]
 

02.01.2012 20:34:23

mbam-log-2012-01-02 (20-34-23).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 270371

Laufzeit: 46 Minute(n), 47 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Temp\winlogon.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Temp\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Log von ESET Online Scanner

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7dbaae8f9584844ea28d730b8d1f8a11

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-02 10:40:30

# local_time=2012-01-02 11:40:30 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1031

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1032 16777189 100 95 9734 68705977 0 0

# compatibility_mode=8192 67108863 100 0 4238 4238 0 0

# scanned=104955

# found=0

# cleaned=0

# scan_time=5799

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier der OTL-Log

Musste den Rechner 2 mal neubooten, weil er sich beim booten immer aufhing :(

Code:

OTL logfile created on: 03.01.2012 20:53:26 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Ludi\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1015,17 Mb Total Physical Memory | 476,75 Mb Available Physical Memory | 46,96% Memory free

3,87 Gb Paging File | 3,44 Gb Available in Paging File | 88,87% Paging File free

Paging file location(s): C:\pagefile.sys 3048 4000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 137,04 Gb Total Space | 95,77 Gb Free Space | 69,88% Space Free | Partition Type: NTFS

 

Computer Name: LUFIFESKTOP | User Name: Ludi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe

PRC - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

PRC - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe

PRC - [2011.09.10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe

PRC - [2011.09.09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe

PRC - [2011.08.18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe

PRC - [2011.08.18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011.05.23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe

PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe

PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe

PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

MOD - [2011.12.31 10:45:18 | 000,827,232 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe

MOD - [2011.12.31 10:45:17 | 000,692,224 | ---- | M] () -- C:\Programme\AVG Secure Search\iGearedHelper.dll

MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] --  -- (Norton Internet Security)

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)

SRV - [2011.12.31 10:45:23 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011.08.18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2008.07.16 13:00:00 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)

SRV - [2008.05.05 23:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005.02.09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)

DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)

DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011.05.27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2009.03.23 13:06:52 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009.02.20 08:45:28 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009.02.20 08:43:38 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009.02.20 08:42:26 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008.07.16 12:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)

DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007.01.04 08:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2005.12.21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)

DRV - [2005.12.21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)

DRV - [2005.12.21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)

DRV - [2003.07.24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "about:blank|hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q="

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2012.01.03 09:13:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\9.0.0.18\ [2011.12.31 10:45:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.10 09:32:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla\Extensions

[2010.05.21 08:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

[2011.09.10 09:32:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.12.31 10:45:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\9.0.0.18

[2012.01.03 09:13:34 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4

[2010.05.09 11:13:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010.05.11 08:09:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.09.03 07:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.12.31 10:45:16 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml

[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7B70EA1-72BC-47CB-8B27-45B6C5ED70E8}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - Services: "WTGService"

MsConfig - Services: "WMPNetworkSvc"

MsConfig - Services: "TomTomHOMEService"

MsConfig - Services: "RichVideo"

MsConfig - Services: "Pml Driver HPZ12"

MsConfig - Services: "PCLEPCI"

MsConfig - Services: "osppsvc"

MsConfig - Services: "ose"

MsConfig - Services: "Norton Internet Security"

MsConfig - Services: "JavaQuickStarterService"

MsConfig - Services: "GameConsoleService"

MsConfig - Services: "ETService"

MsConfig - Services: "!SASCORE"

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk - C:\Programme\Belkin\F1U201.401\usbshare.exe - ()

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found

MsConfig - StartUpReg: eRecoveryService - hkey= - key= -  File not found

MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found

MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found

MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found

MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found

MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found

MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found

MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Programme\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

MsConfig - StartUpReg: USB2Check - hkey= - key= -  File not found

MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

 

SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootMin: AppMgmt -  File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootNet: AppMgmt -  File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: hitmanpro35 - Reg Error: Value error.

SafeBootNet: hitmanpro35.sys - Reg Error: Value error.

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.02 21:53:15 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2011.12.31 18:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe

[2011.12.31 14:26:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Threat Expert

[2011.12.31 13:20:14 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security

[2011.12.31 13:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools

[2011.12.31 10:54:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro

[2011.12.31 10:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Eigene Dateien\Downloads

[2011.12.31 10:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG Secure Search

[2011.12.31 10:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search

[2011.12.31 10:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search

[2011.12.31 10:45:16 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.03 20:55:44 | 142,155,899 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012.01.03 20:54:56 | 000,460,416 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.01.03 20:54:56 | 000,442,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.01.03 20:54:56 | 000,085,618 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.01.03 20:54:56 | 000,072,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.01.03 20:53:08 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job

[2012.01.03 20:48:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.01.03 20:48:23 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.03 09:13:35 | 000,000,688 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk

[2012.01.02 16:35:58 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.02 16:33:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.01.02 16:33:47 | 000,367,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.01.01 00:10:35 | 000,608,848 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2012.01.01 00:10:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.12.31 18:26:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable

[2011.12.31 18:21:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ludi\Desktop\OTL.exe

[2011.12.31 18:21:26 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe

[2011.12.31 18:21:14 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\53f5srff.exe

[2011.12.31 14:27:09 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk

[2011.12.31 13:17:58 | 000,512,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\sdsetup_revwire207[1].exe

[2011.12.31 10:54:44 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011.12.25 18:26:26 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MAHJONGG.INI

[2011.12.18 21:16:04 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI

[2011.12.16 17:10:10 | 009,412,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Meine Finanzen.mny

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.02 16:35:58 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2011.12.31 18:26:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\defogger_reenable

[2011.12.31 18:26:32 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\53f5srff.exe

[2011.12.31 18:26:21 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\Defogger.exe

[2011.12.31 18:21:14 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys

[2011.12.31 14:27:08 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor mit Antivirus.lnk

[2011.12.31 13:59:32 | 000,608,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB

[2011.12.31 13:17:59 | 000,512,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Desktop\sdsetup_revwire207[1].exe

[2011.12.31 10:54:44 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010.05.13 21:45:43 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll

[2010.05.13 15:56:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MAHJONGG.INI

[2010.05.13 15:52:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\stduser.ini

[2010.05.13 15:36:13 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.13 15:17:13 | 000,128,150 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2010.05.10 17:15:59 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2010.05.10 17:15:59 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2010.05.10 17:15:57 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin

[2010.05.09 14:04:04 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini

[2010.05.09 13:23:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2010.05.09 13:10:32 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010.05.09 13:06:39 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll

[2010.05.09 13:06:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll

[2010.05.09 13:06:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll

[2010.05.09 13:06:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll

[2010.05.09 13:06:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

[2010.05.09 10:46:59 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll

[2009.02.26 11:35:25 | 000,460,416 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2009.02.26 11:35:25 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2009.02.26 11:35:25 | 000,085,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2009.02.26 11:35:25 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2009.02.26 11:35:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009.02.26 11:35:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2009.02.26 11:35:19 | 000,442,454 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2009.02.26 11:35:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2009.02.26 11:35:19 | 000,072,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2009.02.26 11:35:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2009.02.26 11:35:19 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2009.02.26 11:35:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2009.02.26 11:35:17 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2009.02.26 11:35:17 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2009.02.26 11:35:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2009.02.26 11:35:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2009.02.26 04:15:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009.02.26 03:07:07 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009.02.26 03:04:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009.02.26 02:53:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe

[2009.02.26 02:53:10 | 000,007,492 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009.02.26 02:52:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009.02.26 02:48:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009.02.26 02:47:17 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009.02.26 02:43:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009.02.26 02:43:01 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007.04.20 01:28:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2006.01.04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

 
 ========== LOP Check ==========

 

[2011.12.31 10:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search

[2010.11.22 18:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar

[2010.11.22 17:38:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10

[2010.11.22 17:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9

[2010.11.22 17:38:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[2011.12.31 10:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hitman Pro

[2011.05.25 15:41:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData

[2010.05.09 13:17:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle

[2010.05.09 13:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio

[2012.01.02 21:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp

[2010.05.21 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom

[2009.02.26 03:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent

[2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG Secure Search

[2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG10

[2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\OpenOffice.org

[2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\proDAD

[2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\TomTom

[2012.01.03 20:53:08 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.05.09 14:14:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Adobe

[2011.12.31 10:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG Secure Search

[2010.11.22 17:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\AVG10

[2010.05.13 21:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\CyberLink

[2010.05.13 19:41:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Help

[2010.06.15 16:21:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\HP

[2011.08.31 18:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\HpUpdate

[2009.02.26 02:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Identities

[2009.02.26 03:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\InstallShield

[2010.05.09 11:11:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Macromedia

[2011.09.09 13:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Malwarebytes

[2011.09.09 09:48:26 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Microsoft

[2011.09.10 09:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Mozilla

[2010.05.09 12:21:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\OpenOffice.org

[2010.05.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\proDAD

[2009.02.26 03:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Sun

[2011.09.09 13:09:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\SUPERAntiSpyware.com

[2010.05.21 08:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\TomTom

[2011.09.12 13:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\U3

 
 < %APPDATA%\*.exe /s >

[2011.07.21 11:22:17 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\Microsoft\Installer\{069730C2-755A-485B-A205-27A1AAFA836A}\ARPPRODUCTICON.exe

[2006.05.24 12:36:38 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Ludi\Anwendungsdaten\U3\temp\cleanup.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys

[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

 
 < MD5 for: ATAPI.SYS  >

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys

[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll

[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2009.02.26 03:42:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2009.02.26 03:42:43 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2009.02.26 03:42:43 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84

@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

SRV - File not found [Disabled | Stopped] --  -- (Norton Internet Security)

DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)

DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=0&o=xph&d=0510&m=el1600

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.05.09 13:06:40 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell - "" = AutoRun

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell - "" = AutoRun

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\Shell\AutoRun\command - "" = E:\AutoRun.exe

@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84

@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2

:Files

C:\WINDOWS\jestertb.dll

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

OTL hat einen Reboot gemacht, leider hat sich danach Windows komplett aufgehängt so das ich den PC beim Booten neubooten musste, folgender Log kamdann:

Code:

All processes killed

========== OTL ==========

Service Norton Internet Security stopped successfully!

Service Norton Internet Security deleted successfully!

Error: Unable to stop service xpsec!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.

Error: Unable to stop service xcpip!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fd8ce11-5c4d-11df-b26e-00251155e8cd}\ not found.

File E:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758172-b35a-11df-b2ad-00146cec8b46}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca758175-b35a-11df-b2ad-00146cec8b46}\ not found.

File E:\AutoRun.exe not found.

ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:430C6D84 deleted successfully.

ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:DFC5A2B2 deleted successfully.

========== FILES ==========

C:\WINDOWS\jestertb.dll moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 8024639 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 1256858 bytes

 

User: Ludi

->Temp folder emptied: 1096587558 bytes

->Temporary Internet Files folder emptied: 16510736 bytes

->Java cache emptied: 904233 bytes

->FireFox cache emptied: 40785959 bytes

->Flash cache emptied: 470 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 21792647 bytes

%systemroot%\System32\dllcache .tmp files removed: 999424 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 13892792 bytes

RecycleBin emptied: 109227633 bytes

 

Total Files Cleaned = 1.249,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_224917
 

Files\Folders moved on Reboot...

C:\WINDOWS\temp\1ea9eb89 moved successfully.

C:\WINDOWS\temp\7a3e4688 moved successfully.

C:\WINDOWS\temp\aee07271 moved successfully.

C:\WINDOWS\temp\e441a9f3 moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Scan ohne zu löschen ausgeführt, Log ist hier:

Code:

14:38:06.0562 3744        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

14:38:08.0343 3744        ============================================================

14:38:08.0343 3744        Current date / time: 2012/01/05 14:38:08.0343

14:38:08.0343 3744        SystemInfo:

14:38:08.0343 3744        

14:38:08.0343 3744        OS Version: 5.1.2600 ServicePack: 3.0

14:38:08.0343 3744        Product type: Workstation

14:38:08.0343 3744        ComputerName: LUFIFESKTOP

14:38:08.0343 3744        UserName: Ludi

14:38:08.0343 3744        Windows directory: C:\WINDOWS

14:38:08.0343 3744        System windows directory: C:\WINDOWS

14:38:08.0343 3744        Processor architecture: Intel x86

14:38:08.0343 3744        Number of processors: 2

14:38:08.0343 3744        Page size: 0x1000

14:38:08.0343 3744        Boot type: Normal boot

14:38:08.0343 3744        ============================================================

14:38:10.0203 3744        Initialize success

14:38:28.0625 2332        ============================================================

14:38:28.0625 2332        Scan started

14:38:28.0625 2332        Mode: Manual; SigCheck; TDLFS; 

14:38:28.0625 2332        ============================================================

14:38:28.0921 2332        Abiosdsk - ok

14:38:28.0984 2332        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

14:38:29.0296 2332        abp480n5 - ok

14:38:29.0421 2332        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:38:29.0656 2332        ACPI - ok

14:38:29.0687 2332        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

14:38:29.0890 2332        ACPIEC - ok

14:38:30.0046 2332        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

14:38:30.0265 2332        adpu160m - ok

14:38:30.0312 2332        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

14:38:30.0531 2332        aec - ok

14:38:30.0890 2332        AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

14:38:30.0906 2332        AegisP ( UnsignedFile.Multi.Generic ) - warning

14:38:30.0906 2332        AegisP - detected UnsignedFile.Multi.Generic (1)

14:38:31.0078 2332        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

14:38:31.0203 2332        AFD - ok

14:38:31.0250 2332        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

14:38:31.0453 2332        agp440 - ok

14:38:31.0578 2332        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

14:38:31.0796 2332        agpCPQ - ok

14:38:31.0812 2332        Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

14:38:31.0906 2332        Aha154x - ok

14:38:31.0937 2332        aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

14:38:32.0156 2332        aic78u2 - ok

14:38:32.0281 2332        aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

14:38:32.0515 2332        aic78xx - ok

14:38:32.0546 2332        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

14:38:32.0765 2332        AliIde - ok

14:38:32.0781 2332        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

14:38:33.0000 2332        alim1541 - ok

14:38:33.0187 2332        Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

14:38:33.0312 2332        Ambfilt - ok

14:38:33.0453 2332        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

14:38:33.0687 2332        amdagp - ok

14:38:33.0718 2332        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

14:38:33.0812 2332        amsint - ok

14:38:33.0968 2332        asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

14:38:34.0187 2332        asc - ok

14:38:34.0218 2332        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

14:38:34.0328 2332        asc3350p - ok

14:38:34.0468 2332        asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

14:38:34.0703 2332        asc3550 - ok

14:38:34.0750 2332        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:38:34.0953 2332        AsyncMac - ok

14:38:35.0000 2332        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

14:38:35.0281 2332        atapi - ok

14:38:35.0390 2332        Atdisk - ok

14:38:35.0453 2332        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:38:35.0781 2332        Atmarpc - ok

14:38:35.0953 2332        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

14:38:36.0156 2332        audstub - ok

14:38:36.0234 2332        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

14:38:36.0312 2332        AVGIDSDriver - ok

14:38:36.0375 2332        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

14:38:36.0390 2332        AVGIDSEH - ok

14:38:36.0531 2332        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

14:38:36.0546 2332        AVGIDSFilter - ok

14:38:36.0609 2332        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

14:38:36.0656 2332        AVGIDSShim - ok

14:38:36.0718 2332        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

14:38:36.0750 2332        Avgldx86 - ok

14:38:36.0875 2332        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

14:38:36.0906 2332        Avgmfx86 - ok

14:38:36.0921 2332        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

14:38:36.0953 2332        Avgrkx86 - ok

14:38:37.0000 2332        Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

14:38:37.0031 2332        Avgtdix - ok

14:38:37.0109 2332        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

14:38:37.0312 2332        Beep - ok

14:38:37.0468 2332        cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

14:38:37.0687 2332        cbidf - ok

14:38:37.0703 2332        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

14:38:37.0921 2332        cbidf2k - ok

14:38:37.0953 2332        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

14:38:38.0171 2332        CCDECODE - ok

14:38:38.0312 2332        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

14:38:38.0421 2332        cd20xrnt - ok

14:38:38.0468 2332        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

14:38:38.0671 2332        Cdaudio - ok

14:38:38.0828 2332        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

14:38:39.0062 2332        Cdfs - ok

14:38:39.0109 2332        Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:38:39.0140 2332        Cdrom - ok

14:38:39.0265 2332        Changer - ok

14:38:39.0328 2332        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys

14:38:39.0546 2332        CmdIde - ok

14:38:39.0593 2332        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

14:38:39.0812 2332        Cpqarray - ok

14:38:39.0984 2332        dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

14:38:40.0203 2332        dac2w2k - ok

14:38:40.0218 2332        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

14:38:40.0437 2332        dac960nt - ok

14:38:40.0609 2332        DCamUSBEMPIA    (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys

14:38:40.0671 2332        DCamUSBEMPIA - ok

14:38:40.0734 2332        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

14:38:40.0953 2332        Disk - ok

14:38:41.0140 2332        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

14:38:41.0406 2332        dmboot - ok

14:38:41.0546 2332        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

14:38:41.0781 2332        dmio - ok

14:38:41.0812 2332        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

14:38:42.0031 2332        dmload - ok

14:38:42.0203 2332        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

14:38:42.0421 2332        DMusic - ok

14:38:42.0468 2332        DNINDIS5        (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS

14:38:42.0484 2332        DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning

14:38:42.0484 2332        DNINDIS5 - detected UnsignedFile.Multi.Generic (1)

14:38:42.0656 2332        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

14:38:42.0875 2332        dpti2o - ok

14:38:42.0921 2332        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

14:38:43.0125 2332        drmkaud - ok

14:38:43.0312 2332        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

14:38:43.0546 2332        Fastfat - ok

14:38:43.0609 2332        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

14:38:43.0875 2332        Fdc - ok

14:38:44.0031 2332        FiltUSBEMPIA    (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys

14:38:44.0078 2332        FiltUSBEMPIA - ok

14:38:44.0125 2332        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

14:38:44.0359 2332        Fips - ok

14:38:44.0515 2332        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

14:38:44.0734 2332        Flpydisk - ok

14:38:44.0796 2332        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

14:38:45.0046 2332        FltMgr - ok

14:38:45.0218 2332        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:38:45.0437 2332        Fs_Rec - ok

14:38:45.0453 2332        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:38:45.0687 2332        Ftdisk - ok

14:38:45.0859 2332        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:38:46.0078 2332        Gpc - ok

14:38:46.0125 2332        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

14:38:46.0375 2332        HDAudBus - ok

14:38:46.0546 2332        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

14:38:46.0765 2332        hidusb - ok

14:38:46.0796 2332        hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

14:38:47.0015 2332        hpn - ok

14:38:47.0171 2332        HPZid412        (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

14:38:47.0234 2332        HPZid412 - ok

14:38:47.0265 2332        HPZipr12        (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

14:38:47.0312 2332        HPZipr12 - ok

14:38:47.0468 2332        HPZius12        (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

14:38:47.0531 2332        HPZius12 - ok

14:38:47.0593 2332        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

14:38:47.0656 2332        HTTP - ok

14:38:47.0781 2332        hwdatacard - ok

14:38:47.0843 2332        i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

14:38:48.0062 2332        i2omgmt - ok

14:38:48.0078 2332        i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

14:38:48.0312 2332        i2omp - ok

14:38:48.0453 2332        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

14:38:48.0687 2332        i8042prt - ok

14:38:48.0921 2332        ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

14:38:49.0218 2332        ialm - ok

14:38:49.0406 2332        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

14:38:49.0625 2332        Imapi - ok

14:38:49.0687 2332        ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

14:38:49.0921 2332        ini910u - ok

14:38:50.0093 2332        int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys

14:38:50.0125 2332        int15 - ok

14:38:50.0140 2332        int15.sys - ok

14:38:50.0328 2332        IntcAzAudAddService (f9bb9063a6557098dbaf7396e026c922) C:\WINDOWS\system32\drivers\RtkHDAud.sys

14:38:50.0593 2332        IntcAzAudAddService - ok

14:38:50.0750 2332        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys

14:38:51.0000 2332        IntelIde - ok

14:38:51.0250 2332        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

14:38:51.0468 2332        intelppm - ok

14:38:51.0500 2332        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

14:38:51.0718 2332        Ip6Fw - ok

14:38:51.0859 2332        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:38:52.0078 2332        IpFilterDriver - ok

14:38:52.0109 2332        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:38:52.0343 2332        IpInIp - ok

14:38:52.0515 2332        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:38:52.0734 2332        IpNat - ok

14:38:52.0750 2332        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:38:52.0968 2332        IPSec - ok

14:38:53.0000 2332        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

14:38:53.0109 2332        IRENUM - ok

14:38:53.0281 2332        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:38:53.0484 2332        isapnp - ok

14:38:53.0515 2332        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:38:53.0734 2332        Kbdclass - ok

14:38:53.0781 2332        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

14:38:54.0000 2332        kbdhid - ok

14:38:54.0187 2332        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

14:38:54.0453 2332        kmixer - ok

14:38:54.0500 2332        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

14:38:54.0546 2332        KSecDD - ok

14:38:54.0671 2332        lbrtfdc - ok

14:38:54.0781 2332        MarvinBus       (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys

14:38:54.0812 2332        MarvinBus ( UnsignedFile.Multi.Generic ) - warning

14:38:54.0812 2332        MarvinBus - detected UnsignedFile.Multi.Generic (1)

14:38:55.0093 2332        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

14:38:55.0359 2332        mnmdd - ok

14:38:55.0687 2332        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

14:38:55.0953 2332        Modem - ok

14:38:56.0468 2332        Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

14:38:56.0625 2332        Monfilt - ok

14:38:56.0968 2332        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:38:57.0203 2332        Mouclass - ok

14:38:57.0312 2332        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

14:38:57.0531 2332        mouhid - ok

14:38:57.0593 2332        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

14:38:57.0812 2332        MountMgr - ok

14:38:57.0906 2332        MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

14:38:58.0125 2332        MPE - ok

14:38:58.0171 2332        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

14:38:58.0406 2332        mraid35x - ok

14:38:58.0468 2332        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:38:58.0687 2332        MRxDAV - ok

14:38:58.0734 2332        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:38:58.0796 2332        MRxSmb - ok

14:38:58.0921 2332        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

14:38:59.0156 2332        Msfs - ok

14:38:59.0187 2332        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:38:59.0406 2332        MSKSSRV - ok

14:38:59.0500 2332        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:38:59.0718 2332        MSPCLOCK - ok

14:38:59.0734 2332        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

14:38:59.0968 2332        MSPQM - ok

14:39:00.0140 2332        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:39:00.0343 2332        mssmbios - ok

14:39:00.0390 2332        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

14:39:00.0609 2332        MSTEE - ok

14:39:00.0781 2332        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

14:39:00.0828 2332        Mup - ok

14:39:00.0875 2332        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

14:39:01.0093 2332        NABTSFEC - ok

14:39:01.0171 2332        NAVENG - ok

14:39:01.0171 2332        NAVEX15 - ok

14:39:01.0343 2332        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:39:01.0843 2332        NDIS - ok

14:39:02.0000 2332        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

14:39:02.0218 2332        NdisIP - ok

14:39:02.0250 2332        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:39:02.0296 2332        NdisTapi - ok

14:39:02.0468 2332        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:39:02.0703 2332        Ndisuio - ok

14:39:02.0765 2332        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:39:02.0968 2332        NdisWan - ok

14:39:03.0265 2332        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:39:03.0343 2332        NDProxy - ok

14:39:03.0515 2332        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:39:03.0734 2332        NetBIOS - ok

14:39:03.0781 2332        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:39:03.0984 2332        NetBT - ok

14:39:04.0031 2332        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:39:04.0281 2332        Npfs - ok

14:39:04.0468 2332        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:39:04.0687 2332        Ntfs - ok

14:39:04.0750 2332        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:39:04.0953 2332        Null - ok

14:39:05.0093 2332        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:39:05.0328 2332        NwlnkFlt - ok

14:39:05.0343 2332        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:39:05.0562 2332        NwlnkFwd - ok

14:39:05.0609 2332        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

14:39:05.0859 2332        Parport - ok

14:39:06.0031 2332        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:39:06.0250 2332        PartMgr - ok

14:39:06.0296 2332        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

14:39:06.0531 2332        ParVdm - ok

14:39:06.0781 2332        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

14:39:07.0015 2332        PCI - ok

14:39:07.0015 2332        PCIDump - ok

14:39:07.0031 2332        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

14:39:07.0250 2332        PCIIde - ok

14:39:07.0312 2332        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

14:39:07.0531 2332        Pcmcia - ok

14:39:07.0656 2332        PDCOMP - ok

14:39:07.0671 2332        PDFRAME - ok

14:39:07.0687 2332        PDRELI - ok

14:39:07.0703 2332        PDRFRAME - ok

14:39:07.0765 2332        perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

14:39:07.0984 2332        perc2 - ok

14:39:08.0015 2332        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

14:39:08.0234 2332        perc2hib - ok

14:39:08.0453 2332        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:39:08.0671 2332        PptpMiniport - ok

14:39:08.0687 2332        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:39:08.0921 2332        PSched - ok

14:39:08.0921 2332        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:39:09.0156 2332        Ptilink - ok

14:39:09.0312 2332        PxHelp20        (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys

14:39:09.0343 2332        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

14:39:09.0343 2332        PxHelp20 - detected UnsignedFile.Multi.Generic (1)

14:39:09.0406 2332        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

14:39:09.0609 2332        ql1080 - ok

14:39:09.0890 2332        Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

14:39:10.0265 2332        Ql10wnt - ok

14:39:10.0453 2332        ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

14:39:10.0750 2332        ql12160 - ok

14:39:10.0765 2332        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

14:39:11.0062 2332        ql1240 - ok

14:39:11.0343 2332        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

14:39:11.0984 2332        ql1280 - ok

14:39:12.0062 2332        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:39:12.0390 2332        RasAcd - ok

14:39:12.0578 2332        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:39:12.0937 2332        Rasl2tp - ok

14:39:12.0968 2332        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:39:13.0328 2332        RasPppoe - ok

14:39:13.0500 2332        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:39:14.0281 2332        Raspti - ok

14:39:14.0546 2332        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:39:14.0796 2332        Rdbss - ok

14:39:14.0968 2332        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:39:15.0187 2332        RDPCDD - ok

14:39:15.0234 2332        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:39:15.0453 2332        rdpdr - ok

14:39:15.0640 2332        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

14:39:15.0734 2332        RDPWD - ok

14:39:15.0906 2332        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:39:16.0125 2332        redbook - ok

14:39:16.0218 2332        RTLE8023xp      (20f8e21af426bf61881981452b3c3370) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

14:39:16.0312 2332        RTLE8023xp - ok

14:39:16.0468 2332        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

14:39:16.0500 2332        SASDIFSV - ok

14:39:16.0531 2332        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

14:39:16.0562 2332        SASKUTIL - ok

14:39:16.0718 2332        ScanUSBEMPIA    (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys

14:39:16.0765 2332        ScanUSBEMPIA - ok

14:39:16.0828 2332        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:39:16.0953 2332        Secdrv - ok

14:39:17.0078 2332        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:39:17.0296 2332        serenum - ok

14:39:17.0328 2332        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

14:39:17.0562 2332        Serial - ok

14:39:17.0656 2332        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

14:39:17.0906 2332        Sfloppy - ok

14:39:18.0046 2332        Simbad - ok

14:39:18.0140 2332        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

14:39:18.0375 2332        sisagp - ok

14:39:18.0718 2332        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

14:39:18.0968 2332        SLIP - ok

14:39:19.0156 2332        SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

14:39:19.0984 2332        SONYPVU1 - ok

14:39:20.0093 2332        Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

14:39:20.0218 2332        Sparrow - ok

14:39:20.0265 2332        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:39:20.0468 2332        splitter - ok

14:39:20.0593 2332        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

14:39:20.0750 2332        sr - ok

14:39:20.0875 2332        SRTSP - ok

14:39:20.0890 2332        SRTSPX - ok

14:39:20.0968 2332        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:39:21.0046 2332        Srv - ok

14:39:21.0218 2332        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

14:39:21.0437 2332        streamip - ok

14:39:21.0484 2332        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:39:21.0703 2332        swenum - ok

14:39:21.0843 2332        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:39:22.0078 2332        swmidi - ok

14:39:22.0140 2332        symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

14:39:22.0343 2332        symc810 - ok

14:39:22.0593 2332        symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

14:39:22.0812 2332        symc8xx - ok

14:39:22.0859 2332        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

14:39:23.0078 2332        sym_hi - ok

14:39:23.0218 2332        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

14:39:23.0421 2332        sym_u3 - ok

14:39:23.0468 2332        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:39:23.0703 2332        sysaudio - ok

14:39:23.0890 2332        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:39:23.0968 2332        Tcpip - ok

14:39:24.0000 2332        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:39:24.0203 2332        TDPIPE - ok

14:39:24.0328 2332        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:39:24.0546 2332        TDTCP - ok

14:39:24.0578 2332        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:39:24.0781 2332        TermDD - ok

14:39:24.0859 2332        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys

14:39:25.0062 2332        TosIde - ok

14:39:25.0218 2332        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:39:25.0453 2332        Udfs - ok

14:39:25.0500 2332        ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

14:39:25.0609 2332        ultra - ok

14:39:25.0750 2332        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:39:25.0968 2332        Update - ok

14:39:26.0031 2332        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

14:39:26.0265 2332        usbaudio - ok

14:39:26.0437 2332        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:39:26.0656 2332        usbccgp - ok

14:39:26.0703 2332        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:39:26.0937 2332        usbehci - ok

14:39:27.0046 2332        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:39:27.0265 2332        usbhub - ok

14:39:27.0359 2332        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:39:27.0593 2332        usbprint - ok

14:39:27.0640 2332        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:39:27.0859 2332        usbscan - ok

14:39:27.0953 2332        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:39:28.0171 2332        USBSTOR - ok

14:39:28.0359 2332        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:39:28.0593 2332        usbuhci - ok

14:39:28.0609 2332        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:39:28.0828 2332        VgaSave - ok

14:39:28.0859 2332        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

14:39:29.0078 2332        viaagp - ok

14:39:29.0234 2332        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

14:39:29.0453 2332        ViaIde - ok

14:39:29.0484 2332        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

14:39:29.0703 2332        VolSnap - ok

14:39:29.0937 2332        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:39:30.0156 2332        Wanarp - ok

14:39:30.0156 2332        WDICA - ok

14:39:30.0203 2332        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:39:30.0421 2332        wdmaud - ok

14:39:30.0625 2332        WPN111 - ok

14:39:30.0703 2332        WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

14:39:30.0890 2332        WS2IFSL - ok

14:39:31.0125 2332        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

14:39:31.0343 2332        WSTCODEC - ok

14:39:31.0390 2332        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:39:31.0453 2332        WudfPf - ok

14:39:31.0609 2332        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:39:31.0671 2332        WudfRd - ok

14:39:31.0703 2332        xcpip - ok

14:39:31.0718 2332        xpsec - ok

14:39:31.0781 2332        MBR (0x1B8)     (199d66d15be31321331253788f490d3d) \Device\Harddisk0\DR0

14:39:31.0781 2332        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected

14:39:31.0781 2332        \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)

14:39:31.0921 2332        Boot (0x1200)   (0d6367f75c725cbc0527cd41a14a9f16) \Device\Harddisk0\DR0\Partition0

14:39:31.0921 2332        \Device\Harddisk0\DR0\Partition0 - ok

14:39:31.0921 2332        ============================================================

14:39:31.0921 2332        Scan finished

14:39:31.0921 2332        ============================================================

14:39:32.0046 2124        Detected object count: 5

14:39:32.0046 2124        Actual detected object count: 5

14:39:48.0203 2124        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

14:39:48.0203 2124        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:39:48.0203 2124        DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

14:39:48.0203 2124        DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:39:48.0203 2124        MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user

14:39:48.0203 2124        MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:39:48.0218 2124        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

14:39:48.0218 2124        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:39:48.0218 2124        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user

14:39:48.0218 2124        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip

Zitat:

14:39:48.0218 2124 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
14:39:48.0218 2124 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip

Sinowal bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

Neugestartet und neuen Log erstellt.

Code:

19:29:31.0375 3960        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

19:29:33.0390 3960        ============================================================

19:29:33.0390 3960        Current date / time: 2012/01/05 19:29:33.0390

19:29:33.0390 3960        SystemInfo:

19:29:33.0390 3960        

19:29:33.0390 3960        OS Version: 5.1.2600 ServicePack: 3.0

19:29:33.0390 3960        Product type: Workstation

19:29:33.0609 3960        ComputerName: LUFIFESKTOP

19:29:33.0609 3960        UserName: Ludi

19:29:33.0609 3960        Windows directory: C:\WINDOWS

19:29:33.0609 3960        System windows directory: C:\WINDOWS

19:29:33.0609 3960        Processor architecture: Intel x86

19:29:33.0609 3960        Number of processors: 2

19:29:33.0609 3960        Page size: 0x1000

19:29:33.0609 3960        Boot type: Normal boot

19:29:33.0609 3960        ============================================================

19:29:35.0953 3960        Initialize success

19:29:52.0921 1824        ============================================================

19:29:52.0921 1824        Scan started

19:29:52.0921 1824        Mode: Manual; SigCheck; TDLFS; 

19:29:52.0921 1824        ============================================================

19:29:54.0312 1824        Abiosdsk - ok

19:29:54.0843 1824        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

19:30:01.0171 1824        abp480n5 - ok

19:30:01.0468 1824        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:30:01.0953 1824        ACPI - ok

19:30:02.0406 1824        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

19:30:02.0812 1824        ACPIEC - ok

19:30:03.0171 1824        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

19:30:03.0625 1824        adpu160m - ok

19:30:03.0906 1824        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:30:04.0218 1824        aec - ok

19:30:04.0421 1824        AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys

19:30:04.0453 1824        AegisP ( UnsignedFile.Multi.Generic ) - warning

19:30:04.0453 1824        AegisP - detected UnsignedFile.Multi.Generic (1)

19:30:04.0578 1824        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

19:30:04.0656 1824        AFD - ok

19:30:04.0718 1824        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

19:30:04.0937 1824        agp440 - ok

19:30:05.0046 1824        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

19:30:05.0265 1824        agpCPQ - ok

19:30:05.0312 1824        Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

19:30:05.0421 1824        Aha154x - ok

19:30:05.0453 1824        aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

19:30:05.0718 1824        aic78u2 - ok

19:30:05.0968 1824        aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

19:30:06.0187 1824        aic78xx - ok

19:30:06.0250 1824        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

19:30:06.0453 1824        AliIde - ok

19:30:06.0562 1824        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

19:30:06.0812 1824        alim1541 - ok

19:30:06.0890 1824        Ambfilt         (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

19:30:07.0062 1824        Ambfilt - ok

19:30:07.0203 1824        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

19:30:07.0515 1824        amdagp - ok

19:30:07.0656 1824        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

19:30:07.0781 1824        amsint - ok

19:30:07.0812 1824        asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

19:30:08.0078 1824        asc - ok

19:30:08.0218 1824        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

19:30:08.0343 1824        asc3350p - ok

19:30:08.0359 1824        asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

19:30:09.0031 1824        asc3550 - ok

19:30:09.0468 1824        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:30:09.0875 1824        AsyncMac - ok

19:30:10.0093 1824        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:30:10.0390 1824        atapi - ok

19:30:10.0687 1824        Atdisk - ok

19:30:11.0046 1824        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:30:11.0453 1824        Atmarpc - ok

19:30:11.0640 1824        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:30:11.0968 1824        audstub - ok

19:30:12.0203 1824        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

19:30:12.0531 1824        AVGIDSDriver - ok

19:30:12.0734 1824        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

19:30:12.0781 1824        AVGIDSEH - ok

19:30:12.0796 1824        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

19:30:12.0843 1824        AVGIDSFilter - ok

19:30:13.0078 1824        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

19:30:13.0125 1824        AVGIDSShim - ok

19:30:13.0312 1824        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

19:30:13.0359 1824        Avgldx86 - ok

19:30:13.0515 1824        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

19:30:13.0562 1824        Avgmfx86 - ok

19:30:13.0578 1824        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

19:30:13.0640 1824        Avgrkx86 - ok

19:30:13.0703 1824        Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

19:30:13.0750 1824        Avgtdix - ok

19:30:13.0859 1824        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:30:14.0203 1824        Beep - ok

19:30:14.0437 1824        cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

19:30:14.0812 1824        cbidf - ok

19:30:14.0984 1824        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:30:15.0281 1824        cbidf2k - ok

19:30:15.0453 1824        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

19:30:15.0671 1824        CCDECODE - ok

19:30:15.0703 1824        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

19:30:15.0859 1824        cd20xrnt - ok

19:30:16.0015 1824        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:30:16.0281 1824        Cdaudio - ok

19:30:16.0343 1824        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

19:30:16.0593 1824        Cdfs - ok

19:30:16.0765 1824        Cdrom           (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:30:16.0875 1824        Cdrom - ok

19:30:17.0000 1824        Changer - ok

19:30:17.0062 1824        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys

19:30:17.0328 1824        CmdIde - ok

19:30:17.0484 1824        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

19:30:17.0718 1824        Cpqarray - ok

19:30:17.0750 1824        dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

19:30:17.0984 1824        dac2w2k - ok

19:30:18.0140 1824        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

19:30:18.0406 1824        dac960nt - ok

19:30:18.0453 1824        DCamUSBEMPIA    (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys

19:30:18.0546 1824        DCamUSBEMPIA - ok

19:30:18.0734 1824        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

19:30:19.0000 1824        Disk - ok

19:30:19.0062 1824        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

19:30:19.0375 1824        dmboot - ok

19:30:19.0484 1824        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

19:30:19.0750 1824        dmio - ok

19:30:19.0765 1824        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:30:20.0062 1824        dmload - ok

19:30:20.0093 1824        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

19:30:20.0328 1824        DMusic - ok

19:30:20.0500 1824        DNINDIS5        (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS

19:30:20.0515 1824        DNINDIS5 ( UnsignedFile.Multi.Generic ) - warning

19:30:20.0515 1824        DNINDIS5 - detected UnsignedFile.Multi.Generic (1)

19:30:20.0609 1824        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

19:30:20.0859 1824        dpti2o - ok

19:30:20.0984 1824        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

19:30:21.0203 1824        drmkaud - ok

19:30:21.0296 1824        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

19:30:21.0515 1824        Fastfat - ok

19:30:21.0687 1824        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

19:30:21.0937 1824        Fdc - ok

19:30:21.0968 1824        FiltUSBEMPIA    (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys

19:30:22.0031 1824        FiltUSBEMPIA - ok

19:30:22.0203 1824        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

19:30:22.0421 1824        Fips - ok

19:30:22.0484 1824        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

19:30:22.0734 1824        Flpydisk - ok

19:30:22.0890 1824        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

19:30:23.0125 1824        FltMgr - ok

19:30:23.0171 1824        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:30:23.0406 1824        Fs_Rec - ok

19:30:23.0640 1824        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:30:23.0906 1824        Ftdisk - ok

19:30:24.0078 1824        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:30:24.0328 1824        Gpc - ok

19:30:24.0375 1824        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

19:30:24.0609 1824        HDAudBus - ok

19:30:24.0750 1824        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:30:24.0968 1824        hidusb - ok

19:30:25.0015 1824        hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

19:30:25.0234 1824        hpn - ok

19:30:25.0390 1824        HPZid412        (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

19:30:25.0484 1824        HPZid412 - ok

19:30:25.0781 1824        HPZipr12        (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

19:30:25.0906 1824        HPZipr12 - ok

19:30:26.0062 1824        HPZius12        (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

19:30:26.0140 1824        HPZius12 - ok

19:30:26.0296 1824        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

19:30:26.0421 1824        HTTP - ok

19:30:26.0531 1824        hwdatacard - ok

19:30:26.0609 1824        i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

19:30:26.0843 1824        i2omgmt - ok

19:30:26.0875 1824        i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

19:30:27.0093 1824        i2omp - ok

19:30:27.0250 1824        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:30:27.0468 1824        i8042prt - ok

19:30:27.0687 1824        ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

19:30:28.0078 1824        ialm - ok

19:30:28.0265 1824        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:30:28.0500 1824        Imapi - ok

19:30:28.0562 1824        ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

19:30:28.0796 1824        ini910u - ok

19:30:28.0968 1824        int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys

19:30:29.0000 1824        int15 - ok

19:30:29.0000 1824        int15.sys - ok

19:30:29.0218 1824        IntcAzAudAddService (f9bb9063a6557098dbaf7396e026c922) C:\WINDOWS\system32\drivers\RtkHDAud.sys

19:30:29.0484 1824        IntcAzAudAddService - ok

19:30:29.0640 1824        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys

19:30:29.0875 1824        IntelIde - ok

19:30:29.0906 1824        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:30:30.0140 1824        intelppm - ok

19:30:30.0281 1824        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

19:30:30.0500 1824        Ip6Fw - ok

19:30:30.0531 1824        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:30:30.0750 1824        IpFilterDriver - ok

19:30:30.0890 1824        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:30:31.0109 1824        IpInIp - ok

19:30:31.0156 1824        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:30:31.0390 1824        IpNat - ok

19:30:31.0578 1824        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:30:31.0796 1824        IPSec - ok

19:30:31.0812 1824        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:30:31.0937 1824        IRENUM - ok

19:30:32.0109 1824        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:30:32.0312 1824        isapnp - ok

19:30:32.0328 1824        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:30:32.0562 1824        Kbdclass - ok

19:30:32.0734 1824        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

19:30:32.0953 1824        kbdhid - ok

19:30:33.0015 1824        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

19:30:33.0218 1824        kmixer - ok

19:30:33.0406 1824        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

19:30:33.0484 1824        KSecDD - ok

19:30:33.0656 1824        lbrtfdc - ok

19:30:33.0781 1824        MarvinBus       (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys

19:30:33.0812 1824        MarvinBus ( UnsignedFile.Multi.Generic ) - warning

19:30:33.0812 1824        MarvinBus - detected UnsignedFile.Multi.Generic (1)

19:30:34.0000 1824        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:30:34.0218 1824        mnmdd - ok

19:30:34.0234 1824        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

19:30:34.0468 1824        Modem - ok

19:30:34.0656 1824        Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys

19:30:34.0781 1824        Monfilt - ok

19:30:34.0937 1824        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:30:35.0171 1824        Mouclass - ok

19:30:35.0218 1824        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:30:35.0437 1824        mouhid - ok

19:30:35.0593 1824        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

19:30:35.0828 1824        MountMgr - ok

19:30:35.0859 1824        MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

19:30:36.0062 1824        MPE - ok

19:30:36.0218 1824        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

19:30:36.0437 1824        mraid35x - ok

19:30:36.0468 1824        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:30:36.0671 1824        MRxDAV - ok

19:30:36.0812 1824        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:30:36.0906 1824        MRxSmb - ok

19:30:36.0984 1824        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

19:30:37.0203 1824        Msfs - ok

19:30:37.0359 1824        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:30:37.0578 1824        MSKSSRV - ok

19:30:37.0593 1824        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:30:37.0828 1824        MSPCLOCK - ok

19:30:37.0843 1824        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:30:38.0062 1824        MSPQM - ok

19:30:38.0234 1824        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:30:38.0437 1824        mssmbios - ok

19:30:38.0593 1824        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

19:30:38.0828 1824        MSTEE - ok

19:30:39.0000 1824        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:30:39.0046 1824        Mup - ok

19:30:39.0093 1824        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

19:30:39.0328 1824        NABTSFEC - ok

19:30:39.0406 1824        NAVENG - ok

19:30:39.0406 1824        NAVEX15 - ok

19:30:39.0593 1824        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:30:39.0843 1824        NDIS - ok

19:30:39.0875 1824        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

19:30:40.0093 1824        NdisIP - ok

19:30:40.0250 1824        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:30:40.0359 1824        NdisTapi - ok

19:30:40.0406 1824        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:30:40.0640 1824        Ndisuio - ok

19:30:40.0812 1824        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:30:41.0031 1824        NdisWan - ok

19:30:41.0093 1824        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

19:30:41.0156 1824        NDProxy - ok

19:30:41.0343 1824        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:30:41.0562 1824        NetBIOS - ok

19:30:41.0609 1824        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

19:30:41.0828 1824        NetBT - ok

19:30:42.0046 1824        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

19:30:42.0265 1824        Npfs - ok

19:30:42.0328 1824        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

19:30:42.0562 1824        Ntfs - ok

19:30:42.0609 1824        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:30:42.0828 1824        Null - ok

19:30:43.0000 1824        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:30:43.0203 1824        NwlnkFlt - ok

19:30:43.0218 1824        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:30:43.0437 1824        NwlnkFwd - ok

19:30:43.0500 1824        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

19:30:43.0718 1824        Parport - ok

19:30:43.0890 1824        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

19:30:44.0109 1824        PartMgr - ok

19:30:44.0156 1824        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

19:30:44.0375 1824        ParVdm - ok

19:30:44.0546 1824        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

19:30:44.0781 1824        PCI - ok

19:30:44.0781 1824        PCIDump - ok

19:30:44.0796 1824        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:30:45.0015 1824        PCIIde - ok

19:30:45.0062 1824        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

19:30:45.0281 1824        Pcmcia - ok

19:30:45.0390 1824        PDCOMP - ok

19:30:45.0406 1824        PDFRAME - ok

19:30:45.0421 1824        PDRELI - ok

19:30:45.0437 1824        PDRFRAME - ok

19:30:45.0484 1824        perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

19:30:45.0703 1824        perc2 - ok

19:30:45.0734 1824        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

19:30:45.0953 1824        perc2hib - ok

19:30:46.0171 1824        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:30:46.0375 1824        PptpMiniport - ok

19:30:46.0390 1824        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

19:30:46.0625 1824        PSched - ok

19:30:46.0656 1824        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:30:46.0875 1824        Ptilink - ok

19:30:47.0000 1824        PxHelp20        (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys

19:30:47.0031 1824        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

19:30:47.0031 1824        PxHelp20 - detected UnsignedFile.Multi.Generic (1)

19:30:47.0093 1824        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

19:30:47.0312 1824        ql1080 - ok

19:30:47.0484 1824        Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

19:30:47.0703 1824        Ql10wnt - ok

19:30:47.0750 1824        ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

19:30:47.0953 1824        ql12160 - ok

19:30:48.0109 1824        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

19:30:48.0328 1824        ql1240 - ok

19:30:48.0359 1824        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

19:30:48.0562 1824        ql1280 - ok

19:30:48.0609 1824        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:30:48.0812 1824        RasAcd - ok

19:30:49.0000 1824        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:30:49.0234 1824        Rasl2tp - ok

19:30:49.0250 1824        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:30:49.0468 1824        RasPppoe - ok

19:30:49.0468 1824        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:30:49.0687 1824        Raspti - ok

19:30:49.0718 1824        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:30:49.0953 1824        Rdbss - ok

19:30:50.0125 1824        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:30:50.0328 1824        RDPCDD - ok

19:30:50.0390 1824        rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:30:50.0640 1824        rdpdr - ok

19:30:50.0812 1824        RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

19:30:50.0906 1824        RDPWD - ok

19:30:51.0078 1824        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:30:51.0296 1824        redbook - ok

19:30:51.0406 1824        RTLE8023xp      (20f8e21af426bf61881981452b3c3370) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

19:30:51.0500 1824        RTLE8023xp - ok

19:30:51.0640 1824        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

19:30:51.0671 1824        SASDIFSV - ok

19:30:51.0687 1824        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

19:30:51.0718 1824        SASKUTIL - ok

19:30:51.0875 1824        ScanUSBEMPIA    (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys

19:30:51.0921 1824        ScanUSBEMPIA - ok

19:30:52.0000 1824        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:30:52.0109 1824        Secdrv - ok

19:30:52.0234 1824        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:30:52.0453 1824        serenum - ok

19:30:52.0484 1824        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

19:30:52.0703 1824        Serial - ok

19:30:52.0781 1824        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

19:30:53.0000 1824        Sfloppy - ok

19:30:53.0125 1824        Simbad - ok

19:30:53.0203 1824        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

19:30:53.0421 1824        sisagp - ok

19:30:53.0453 1824        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

19:30:53.0687 1824        SLIP - ok

19:30:53.0843 1824        SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

19:30:54.0046 1824        SONYPVU1 - ok

19:30:54.0109 1824        Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

19:30:54.0234 1824        Sparrow - ok

19:30:54.0343 1824        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

19:30:54.0546 1824        splitter - ok

19:30:54.0609 1824        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

19:30:54.0734 1824        sr - ok

19:30:54.0859 1824        SRTSP - ok

19:30:54.0875 1824        SRTSPX - ok

19:30:54.0953 1824        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

19:30:55.0046 1824        Srv - ok

19:30:55.0218 1824        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

19:30:55.0500 1824        streamip - ok

19:30:55.0546 1824        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:30:55.0781 1824        swenum - ok

19:30:55.0906 1824        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

19:30:56.0125 1824        swmidi - ok

19:30:56.0156 1824        symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

19:30:56.0375 1824        symc810 - ok

19:30:56.0421 1824        symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

19:30:56.0640 1824        symc8xx - ok

19:30:56.0828 1824        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

19:30:57.0031 1824        sym_hi - ok

19:30:57.0078 1824        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

19:30:57.0296 1824        sym_u3 - ok

19:30:57.0453 1824        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

19:30:57.0671 1824        sysaudio - ok

19:30:57.0750 1824        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:30:57.0859 1824        Tcpip - ok

19:30:58.0031 1824        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:30:58.0250 1824        TDPIPE - ok

19:30:58.0296 1824        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

19:30:58.0531 1824        TDTCP - ok

19:30:58.0734 1824        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:30:58.0953 1824        TermDD - ok

19:30:59.0046 1824        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys

19:30:59.0250 1824        TosIde - ok

19:30:59.0421 1824        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

19:30:59.0640 1824        Udfs - ok

19:30:59.0671 1824        ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

19:30:59.0781 1824        ultra - ok

19:30:59.0953 1824        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

19:31:00.0187 1824        Update - ok

19:31:00.0250 1824        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

19:31:00.0468 1824        usbaudio - ok

19:31:00.0609 1824        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:31:00.0828 1824        usbccgp - ok

19:31:00.0890 1824        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:31:01.0109 1824        usbehci - ok

19:31:01.0234 1824        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:31:01.0453 1824        usbhub - ok

19:31:01.0500 1824        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:31:01.0718 1824        usbprint - ok

19:31:01.0875 1824        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

19:31:02.0078 1824        usbscan - ok

19:31:02.0125 1824        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:31:02.0359 1824        USBSTOR - ok

19:31:02.0515 1824        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:31:02.0718 1824        usbuhci - ok

19:31:02.0765 1824        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

19:31:02.0968 1824        VgaSave - ok

19:31:03.0140 1824        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

19:31:03.0343 1824        viaagp - ok

19:31:03.0359 1824        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

19:31:03.0593 1824        ViaIde - ok

19:31:03.0750 1824        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

19:31:03.0968 1824        VolSnap - ok

19:31:04.0015 1824        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:31:04.0234 1824        Wanarp - ok

19:31:04.0343 1824        WDICA - ok

19:31:04.0421 1824        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

19:31:04.0640 1824        wdmaud - ok

19:31:04.0718 1824        WPN111 - ok

19:31:04.0765 1824        WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

19:31:04.0968 1824        WS2IFSL - ok

19:31:05.0140 1824        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

19:31:05.0359 1824        WSTCODEC - ok

19:31:05.0421 1824        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

19:31:05.0484 1824        WudfPf - ok

19:31:05.0640 1824        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

19:31:05.0687 1824        WudfRd - ok

19:31:05.0718 1824        xcpip - ok

19:31:05.0734 1824        xpsec - ok

19:31:05.0796 1824        MBR (0x1B8)     (ea228d2d5aad83b7544d12986bdf25a2) \Device\Harddisk0\DR0

19:31:07.0890 1824        \Device\Harddisk0\DR0 - ok

19:31:07.0921 1824        Boot (0x1200)   (0d6367f75c725cbc0527cd41a14a9f16) \Device\Harddisk0\DR0\Partition0

19:31:07.0921 1824        \Device\Harddisk0\DR0\Partition0 - ok

19:31:07.0921 1824        ============================================================

19:31:07.0921 1824        Scan finished

19:31:07.0921 1824        ============================================================

19:31:08.0046 1960        Detected object count: 4

19:31:08.0046 1960        Actual detected object count: 4

19:31:13.0203 1960        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

19:31:13.0203 1960        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:31:13.0203 1960        DNINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

19:31:13.0218 1960        DNINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:31:13.0218 1960        MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user

19:31:13.0218 1960        MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:31:13.0218 1960        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

19:31:13.0218 1960        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier nun das Ergebnis von ComboFix:

Code:

ComboFix 12-01-05.02 - Ludi 06.01.2012   0:01.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.424 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Ludi\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe

c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-05 bis 2012-01-05  ))))))))))))))))))))))))))))))

.

.

2012-01-04 21:49 . 2012-01-04 21:49        --------        d-----w-        C:\_OTL

2012-01-02 20:53 . 2012-01-02 20:53        --------        d-----w-        c:\programme\ESET

2011-12-31 13:26 . 2011-12-31 13:26        --------        d-----w-        c:\dokumente und einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Threat Expert

2011-12-31 12:20 . 2012-01-02 20:56        --------        d-----w-        c:\programme\PC Tools Security

2011-12-31 12:17 . 2012-01-02 20:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools

2011-12-31 09:54 . 2011-12-31 09:54        23624        ----a-w-        c:\windows\system32\drivers\hitmanpro35.sys

2011-12-31 09:54 . 2011-12-31 09:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hitman Pro

2011-12-31 09:50 . 2011-12-31 09:50        --------        d-----w-        c:\dokumente und einstellungen\Ludi\Anwendungsdaten\AVG Secure Search

2011-12-31 09:45 . 2011-12-31 09:45        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Secure Search

2011-12-31 09:45 . 2011-12-31 09:45        --------        d-----w-        c:\programme\Gemeinsame Dateien\AVG Secure Search

2011-12-31 09:45 . 2011-12-31 09:45        --------        d-----w-        c:\programme\AVG Secure Search

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2011-09-09 12:08        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-23 14:40 . 2009-02-26 10:35        1859712        ----a-w-        c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2009-02-26 10:35        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2009-02-26 10:35        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2009-02-26 10:35        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2009-02-26 10:35        385024        ----a-w-        c:\windows\system32\html.iec

2011-11-01 16:07 . 2009-02-26 10:35        1288704        ----a-w-        c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2009-02-26 10:35        33280        ----a-w-        c:\windows\system32\csrsrv.dll

2011-10-26 10:49 . 2008-04-14 07:30        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-10-26 10:49 . 2008-04-14 07:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-10-18 11:13 . 2009-02-26 10:35        186880        ----a-w-        c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2009-02-26 01:48        692736        ----a-w-        c:\windows\system32\inetcomm.dll

2011-09-03 06:18 . 2011-09-10 08:32        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-20 18085888]

"UpdatePSTShortCut"="c:\programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]

"UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"vProt"="c:\programme\AVG Secure Search\vprot.exe" [2011-12-31 827232]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54        551296        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\F1U201.401.lnk

backup=c:\windows\pss\F1U201.401.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk

backup=c:\windows\pss\HP Photosmart Premier – Schnellstart.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 22:07        932288        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2009-02-20 07:45        57344        ----a-w-        c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2008-12-24 10:29        103720        ------w-        c:\programme\CyberLink\Power2Go\CLMLSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 12:00        15360        ----a-w-        c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-01-12 09:26        166424        ----a-w-        c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-01-12 09:25        141848        ----a-w-        c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 12:00        208952        ----a-w-        c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-08 20:17        52256        ----a-w-        c:\programme\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 06:52        1695232        ----a-w-        c:\programme\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-14 12:00        59392        ----a-w-        c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-01-12 09:26        137752        ----a-w-        c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 12:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 12:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

1999-03-14 22:00        37376        ----a-w-        c:\programme\Microsoft Money\System\REMINDER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-03-14 19:01        71216        ------w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 09:43        248040        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-08-12 21:37        4603264        ----a-w-        c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21        247728        ----a-w-        c:\programme\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

2006-11-06 11:31        81920        ----a-w-        c:\windows\system32\PCLECoInst.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2008-11-04 05:19        57344        ----a-w-        c:\programme\eMachines\WR_PopUp\WarReg_PopUp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WTGService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TomTomHOMEService"=2 (0x2)

"RichVideo"=2 (0x2)

"Pml Driver HPZ12"=2 (0x2)

"PCLEPCI"=2 (0x2)

"osppsvc"=3 (0x3)

"ose"=3 (0x3)

"Norton Internet Security"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"GameConsoleService"=3 (0x3)

"ETService"=2 (0x2)

"!SASCORE"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 22:55 67664]

R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 01:33 7390560]

R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]

R2 vToolbarUpdater;vToolbarUpdater;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [31.12.2011 10:45 855904]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.02.2009 03:01 1684736]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [25.05.2011 15:53 167264]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10.05.2010 17:15 17149]

S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 20:37 4640000]

S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S4 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 00:38 116608]

S4 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [09.05.2010 10:46 24576]

S4 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 13:21 92592]

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-05 c:\windows\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

FF - ProfilePath - c:\dokumente und einstellungen\Ludi\Anwendungsdaten\Mozilla\Firefox\Profiles\az320fnm.default\

FF - prefs.js: browser.startup.homepage - about:blank|hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-06 00:12

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)

@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(840)

c:\programme\SUPERAntiSpyware\SASWINLO.DLL

.

Zeit der Fertigstellung: 2012-01-06  00:16:07

ComboFix-quarantined-files.txt  2012-01-05 23:16

.

Vor Suchlauf: 15 Verzeichnis(se), 103.857.537.024 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 103.957.307.392 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8F8505799F1922BEE3CF119F517DC0E7

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"=-

"65533:TCP"=-

"52344:TCP"=-

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Huhu,

Habe ich nun ausgeführt, ich wurde nur nicht zum Neustart aufgefordert, der Log ist hier:

Code:

ComboFix 12-01-05.04 - Ludi 06.01.2012  14:23:53.2.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1015.388 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Ludi\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Ludi\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))

.

.

2012-01-04 21:49 . 2012-01-04 21:49        --------        d-----w-        C:\_OTL

2012-01-02 20:53 . 2012-01-02 20:53        --------        d-----w-        c:\programme\ESET

2011-12-31 13:26 . 2011-12-31 13:26        --------        d-----w-        c:\dokumente und einstellungen\Ludi\Lokale Einstellungen\Anwendungsdaten\Threat Expert

2011-12-31 12:20 . 2012-01-02 20:56        --------        d-----w-        c:\programme\PC Tools Security

2011-12-31 12:17 . 2012-01-02 20:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools

2011-12-31 09:54 . 2011-12-31 09:54        23624        ----a-w-        c:\windows\system32\drivers\hitmanpro35.sys

2011-12-31 09:54 . 2011-12-31 09:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hitman Pro

2011-12-31 09:50 . 2011-12-31 09:50        --------        d-----w-        c:\dokumente und einstellungen\Ludi\Anwendungsdaten\AVG Secure Search

2011-12-31 09:45 . 2011-12-31 09:45        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Secure Search

2011-12-31 09:45 . 2011-12-31 09:45        --------        d-----w-        c:\programme\Gemeinsame Dateien\AVG Secure Search

2011-12-31 09:45 . 2011-12-31 09:45        --------        d-----w-        c:\programme\AVG Secure Search

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 14:24 . 2011-09-09 12:08        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-23 14:40 . 2009-02-26 10:35        1859712        ----a-w-        c:\windows\system32\win32k.sys

2011-11-04 19:13 . 2009-02-26 10:35        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2009-02-26 10:35        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2009-02-26 10:35        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2009-02-26 10:35        385024        ----a-w-        c:\windows\system32\html.iec

2011-11-01 16:07 . 2009-02-26 10:35        1288704        ----a-w-        c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2009-02-26 10:35        33280        ----a-w-        c:\windows\system32\csrsrv.dll

2011-10-26 10:49 . 2008-04-14 07:30        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-10-26 10:49 . 2008-04-14 07:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-10-18 11:13 . 2009-02-26 10:35        186880        ----a-w-        c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2009-02-26 01:48        692736        ----a-w-        c:\windows\system32\inetcomm.dll

2011-09-03 06:18 . 2011-09-10 08:32        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((   SnapShot@2012-01-05_23.12.09   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-26 10:35 . 2012-01-06 13:22        72102              c:\windows\system32\perfc009.dat

- 2009-02-26 10:35 . 2012-01-05 22:58        72102              c:\windows\system32\perfc009.dat

- 2009-02-26 10:35 . 2012-01-05 22:58        85618              c:\windows\system32\perfc007.dat

+ 2009-02-26 10:35 . 2012-01-06 13:22        85618              c:\windows\system32\perfc007.dat

+ 2009-02-26 10:35 . 2012-01-06 13:22        442454              c:\windows\system32\perfh009.dat

- 2009-02-26 10:35 . 2012-01-05 22:58        442454              c:\windows\system32\perfh009.dat

+ 2009-02-26 10:35 . 2012-01-06 13:22        460416              c:\windows\system32\perfh007.dat

- 2009-02-26 10:35 . 2012-01-05 22:58        460416              c:\windows\system32\perfh007.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-20 18085888]

"UpdatePSTShortCut"="c:\programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]

"UpdateP2GoShortCut"="c:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"vProt"="c:\programme\AVG Secure Search\vprot.exe" [2011-12-31 827232]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54        551296        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^F1U201.401.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\F1U201.401.lnk

backup=c:\windows\pss\F1U201.401.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Photosmart Premier – Schnellstart.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Photosmart Premier – Schnellstart.lnk

backup=c:\windows\pss\HP Photosmart Premier – Schnellstart.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 22:07        932288        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-31 08:44        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2009-02-20 07:45        57344        ----a-w-        c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2008-12-24 10:29        103720        ------w-        c:\programme\CyberLink\Power2Go\CLMLSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 12:00        15360        ----a-w-        c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-01-12 09:26        166424        ----a-w-        c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-01-12 09:25        141848        ----a-w-        c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 12:00        208952        ----a-w-        c:\windows\ime\imjp8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2007-01-08 20:17        52256        ----a-w-        c:\programme\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 06:52        1695232        ----a-w-        c:\programme\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

2008-04-14 12:00        59392        ----a-w-        c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-01-12 09:26        137752        ----a-w-        c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2008-04-14 12:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2008-04-14 12:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

1999-03-14 22:00        37376        ----a-w-        c:\programme\Microsoft Money\System\REMINDER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-03-14 19:01        71216        ------w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 09:43        248040        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-08-12 21:37        4603264        ----a-w-        c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21        247728        ----a-w-        c:\programme\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]

2006-11-06 11:31        81920        ----a-w-        c:\windows\system32\PCLECoInst.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

2008-11-04 05:19        57344        ----a-w-        c:\programme\eMachines\WR_PopUp\WarReg_PopUp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WTGService"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"TomTomHOMEService"=2 (0x2)

"RichVideo"=2 (0x2)

"Pml Driver HPZ12"=2 (0x2)

"PCLEPCI"=2 (0x2)

"osppsvc"=3 (0x3)

"ose"=3 (0x3)

"Norton Internet Security"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"GameConsoleService"=3 (0x3)

"ETService"=2 (0x2)

"!SASCORE"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Programme\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 22:55 67664]

R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]

R2 vToolbarUpdater;vToolbarUpdater;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [31.12.2011 10:45 855904]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]

S2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 01:33 7390560]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.02.2009 03:01 1684736]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [25.05.2011 15:53 167264]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [10.05.2010 17:15 17149]

S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 20:37 4640000]

S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S4 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 00:38 116608]

S4 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [09.05.2010 10:46 24576]

S4 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 13:21 92592]

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{BF366C04-092C-4F25-A053-9F7AEAA24F19}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

FF - ProfilePath - c:\dokumente und einstellungen\Ludi\Anwendungsdaten\Mozilla\Firefox\Profiles\az320fnm.default\

FF - prefs.js: browser.startup.homepage - about:blank|hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb02f40dc-6f5b-4343-b428-1843e8e01c8a%7D&mid=9dead1a333d9602cc6c0e745f9141804-ff410752225ab06f23d3680d7640feb22c7c4f1b&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-31%2010%3A44%3A48&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-06 14:32

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-874574627-502627533-162025716-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)

@Allowed: (Read) (S-1-5-21-874574627-502627533-162025716-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(848)

c:\programme\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(684)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Zeit der Fertigstellung: 2012-01-06  14:35:40

ComboFix-quarantined-files.txt  2012-01-06 13:35

ComboFix2.txt  2012-01-05 23:16

.

Vor Suchlauf: 20 Verzeichnis(se), 103.980.253.184 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 103.958.396.928 Bytes frei

.

- - End Of File - - 40611F9464F44EDFB0602FF80515461B