Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Looking for help with log analysis: "white screen with connection message" (https://www.trojaner-board.de/113518-suche-hilfe-logauswertung-weisser-bildschirm-verbindungs-meldung.html)

thaumaturgis 13.04.2012 15:01

hello,

I ran both scans as described.

Here is the log from Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.13.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
T**** :: THOMAS-8157C8E2 [Administrator]

Schutz: Aktiviert

13.04.2012 13:10:15
mbam-log-2012-04-13 (13-10-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280583
Laufzeit: 51 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 17
C:\AdvoWeb\AdvoWare\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt.
C:\AdvoWeb\AdvowareBackup10060701\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt.
C:\AdvoWeb\AdvowareBackup10060702\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt.
C:\AdvoWeb\AdvowareBackup11012201\hilfmir.exe (PUP.Radmin) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\ecssxxpfoeubn.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\kfbthyjlirzpflxi.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\mjhpcwujngclswtnpqh.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\ooswupwcmconmqy.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\coymnonigzwtyac.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\wusctpegqmtylt.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\vswurnumovfwiqo.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Temp\vvmkjuqjrkirnsbsuvzselbwl.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\04122012_175850\C_Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe (UPX.Mod.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FOTOS\2008 Casiana Terme\CIMG2017.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FOTOS\2008 Urlaub Schenna\3. Meran 2000_Stoanerne Mandln\CIMG2285.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FOTOS\2008 Urlaub Schenna\6. Schnalztal_Martelltal\CIMG2383.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\FOTOS\Silberhochzeit Mac&Olf\CIMG1990.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

and here is the log from the ESET scanner:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1794901c3d30ec449e0c9344d7e31fc6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-13 01:41:48
# local_time=2012-04-13 03:41:48 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 686313 70856719 322450 0
# compatibility_mode=8192 67108863 100 0 97 97 0 0
# compatibility_mode=9217 16777214 75 66 33168680 36277000 0 0
# scanned=79426
# found=1
# cleaned=0
# scan_time=4610
C:\_OTL.zip        Win32/LockScreen.AKG trojan (unable to clean)        00000000000000000000000000000000        I


cosinus 13.04.2012 15:51

I have two questions before we go on:

1.) Does normal mode work again without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

thaumaturgis 13.04.2012 16:59

Well, I don't see any missing programs. Everything seems to run and to be there. The only thing that is missing is the desktop icons and shortcuts (i.e. a normal wallpaper, but bare, without any icons). Could that be due to a faulty registry entry?

THANKS AGAIN SO FAR!!!!
t

cosinus 15.04.2012 14:52

Please make a new OTL log. Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


thaumaturgis 15.04.2012 18:19

hi,

attached is the OTL log file.

thanks and regards!

Code:

OTL logfile created on: 15.04.2012 18:57:33 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\T****\Eigene Dateien\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 68,87% Memory free
3,35 Gb Paging File | 2,77 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 1,28 Gb Free Space | 5,25% Space Free | Partition Type: NTFS
Drive D: | 208,41 Gb Total Space | 185,68 Gb Free Space | 89,09% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-8157C8E2 | User Name: T**** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.15 18:53:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011.02.18 18:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) -- C:\AdvoWeb\AdvoWare\Server\dbntsrv.exe
PRC - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe
PRC - [2006.02.10 13:17:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012.02.05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.28 13:19:50 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011.06.28 13:19:49 | 000,589,184 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011.06.16 17:32:06 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011.06.07 11:44:50 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.07.19 18:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe
MOD - [2005.11.13 15:22:38 | 000,217,088 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\NWTools.dll
MOD - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
MOD - [2005.07.20 05:53:04 | 000,966,765 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\acAuth.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) [Auto | Running] -- C:\AdvoWeb\Advoware\Server\dbntsrv.exe -- (Gupta SQLBase Advoware)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctoss2k.sys -- (ossrv)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\emupia2k.sys -- (emupia)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctac32k.sys -- (ctac32k)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.02 17:21:53 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 17:21:53 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.02.04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.13 11:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006.03.27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006.02.10 13:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.02.09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.07.13 18:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ksta.de/
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.03.11 17:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.18 13:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.05 15:50:34 | 000,000,000 | ---D | M]
 
[2011.01.21 19:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Extensions
[2012.04.13 14:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions
[2011.01.25 20:22:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.26 17:52:42 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.03.23 21:42:12 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml
[2012.04.13 13:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.09 18:11:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012.03.11 17:19:29 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAMME\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2011.10.09 18:11:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.09 18:11:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.04.12 23:58:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [lmfvMDBr3jNvGGM] C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003..\Run: [lmfvMDBr3jNvGGM] C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4B9594-62F6-49F5-A458-3BE94868D7C4}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003 Winlogon: Shell - (C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe) -  File not found
O20 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003 Winlogon: UserInit - (C:\Dokumente und Einstellungen\T****\Anwendungsdaten\bstr55uhjzd.exe) -  File not found
O20 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.20 14:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: {fgp1l2e2-UHzu-fOkg-z7KY-SpaF5G4Z1Yo3} -
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.15 18:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012.04.13 14:23:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.13 13:08:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes
[2012.04.13 13:07:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.13 13:07:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.13 13:07:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.13 13:07:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.12 23:58:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.12 07:48:35 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.04.10 18:48:35 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.04.07 17:00:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Desktop\Fotos Handy
[2011.04.24 12:07:35 | 027,041,136 | ---- | C] (Xceed Software Inc.    1-450-442-2626    info@xceedsoft.com    www.xceedsoft.com) -- C:\Programme\R119714.EXE
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.15 18:44:18 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012.04.15 18:37:00 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.15 18:36:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.15 18:36:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.14 17:19:00 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.14 15:22:09 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.04.13 16:11:17 | 000,459,194 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.13 16:11:17 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.13 16:11:17 | 000,084,708 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.13 16:11:17 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.13 16:06:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.13 13:08:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.04.13 13:08:05 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.04.13 13:07:56 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.12 18:27:23 | 000,310,120 | ---- | M] () -- C:\_OTL.zip
[2012.04.12 18:03:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.01 18:43:14 | 000,000,109 | ---- | M] () -- C:\WINDOWS\cdlli52.INI
[2012.03.25 17:12:45 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Desktop\Microsoft Office Word 2007.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.15 18:44:18 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012.04.13 13:07:56 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.12 18:27:23 | 000,310,120 | ---- | C] () -- C:\_OTL.zip
[2012.02.17 16:52:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.26 12:06:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.04.26 12:06:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.24 12:35:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.04.24 12:35:24 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.25 13:43:08 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.22 16:07:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2011.01.21 22:24:33 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cdlli52.INI
[2011.01.21 20:48:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2011.01.21 19:55:44 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.01.21 19:45:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.01.21 19:28:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.01.21 18:51:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.01.21 18:36:48 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.01.21 18:36:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT
[2011.01.21 18:21:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.01.20 14:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.01.20 14:32:49 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.01.20 14:26:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.01.20 14:19:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.01.20 14:13:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.01.20 14:12:27 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2011.01.21 21:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.10.16 12:31:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cached Installations
[2011.09.18 13:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2011.01.21 19:42:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service
[2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH
[2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint
[2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH
[2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon
[2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer
[2012.04.12 18:03:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.23 09:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Adobe
[2011.03.04 13:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Avira
[2011.03.11 14:05:10 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Brother
[2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service
[2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH
[2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint
[2011.01.21 21:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Creative
[2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH
[2011.02.14 19:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Google
[2011.01.25 20:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Help
[2011.01.20 14:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Identities
[2011.01.21 19:28:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Macromedia
[2012.04.13 13:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes
[2012.04.06 19:09:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Microsoft
[2011.01.21 19:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla
[2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon
[2011.10.09 18:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Sun
[2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer
[2012.02.05 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys
[2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2006.03.17 02:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2011.07.18 20:44:23 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.01.20 15:11:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.01.20 15:11:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.01.20 15:11:30 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >


cosinus 15.04.2012 19:02

Quote:

PRC - [2011.02.18 18:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011.02.18 18:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe

ZoneAlarm is counterproductive junk, please uninstall it immediately and turn on the Windows Firewall!
Afterwards, create a new OTL log as described above.

thaumaturgis 16.04.2012 21:13

Hello Arne,

ZoneAlarm has been removed, here is the new OTL log:

Code:

OTL logfile created on: 16.04.2012 21:50:13 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Dokumente und Einstellungen\T****\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,17% Memory free
3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 0,55 Gb Free Space | 2,26% Space Free | Partition Type: NTFS
Drive D: | 208,41 Gb Total Space | 185,68 Gb Free Space | 89,09% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-8157C8E2 | User Name: T**** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.15 18:53:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 15:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) -- C:\AdvoWeb\AdvoWare\Server\dbntsrv.exe
PRC - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe
PRC - [2006.02.10 13:17:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012.02.05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.28 13:19:50 | 000,430,568 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011.06.28 13:19:49 | 000,589,184 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011.06.16 17:32:06 | 000,308,560 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011.06.07 11:44:50 | 000,508,776 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.07.19 18:02:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.07.30 23:59:36 | 001,101,824 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe
MOD - [2005.11.13 15:22:38 | 000,217,088 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\NWTools.dll
MOD - [2005.10.05 04:12:00 | 000,094,208 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
MOD - [2005.07.20 05:53:04 | 000,966,765 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\acAuth.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.02 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.13 12:54:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.09.05 16:12:54 | 001,089,536 | ---- | M] (Gupta Technologies, LLC) [Auto | Running] -- C:\AdvoWeb\Advoware\Server\dbntsrv.exe -- (Gupta SQLBase Advoware)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctoss2k.sys -- (ossrv)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\emupia2k.sys -- (emupia)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctac32k.sys -- (ctac32k)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.02 17:21:53 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 17:21:53 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.04 16:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2006.03.27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006.02.10 13:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006.02.09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.07.13 18:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ksta.de/
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.18 13:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.05 15:50:34 | 000,000,000 | ---D | M]
 
[2011.01.21 19:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Extensions
[2012.04.16 21:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions
[2011.01.25 20:22:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.23 21:42:12 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml
[2012.04.13 13:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.09 18:11:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.10.09 18:11:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.09 18:11:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.04.12 23:58:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4B9594-62F6-49F5-A458-3BE94868D7C4}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.20 14:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.16 21:29:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.04.16 20:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012.04.16 20:19:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2012.04.15 18:52:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Desktop\OTL.exe
[2012.04.15 18:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012.04.13 14:23:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.13 13:08:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes
[2012.04.13 13:07:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.13 13:07:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.13 13:07:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.13 13:07:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.12 23:58:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.12 07:48:35 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.04.10 18:48:35 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.04.07 17:00:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\T****\Desktop\Fotos Handy
[2011.04.24 12:07:35 | 027,041,136 | ---- | C] (Xceed Software Inc.    1-450-442-2626    info@xceedsoft.com    www.xceedsoft.com) -- C:\Programme\R119714.EXE
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.16 21:35:10 | 000,000,109 | ---- | M] () -- C:\WINDOWS\cdlli52.INI
[2012.04.16 21:30:07 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.04.16 21:29:36 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.16 21:29:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.16 21:19:00 | 000,001,110 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.16 18:05:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.04.16 18:05:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.04.15 18:53:06 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\T****\Desktop\OTL.exe
[2012.04.15 18:44:18 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012.04.15 18:36:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.14 15:22:09 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.04.13 16:11:17 | 000,459,194 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.13 16:11:17 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.13 16:11:17 | 000,084,708 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.13 16:11:17 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.13 16:06:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.04.13 13:07:56 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.12 18:27:23 | 000,310,120 | ---- | M] () -- C:\_OTL.zip
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.25 17:12:45 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Desktop\Microsoft Office Word 2007.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.15 18:44:18 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012.04.13 13:07:56 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.12 18:27:23 | 000,310,120 | ---- | C] () -- C:\_OTL.zip
[2012.02.17 16:52:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.26 12:06:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.04.26 12:06:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.24 12:35:51 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.04.24 12:35:24 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.02.25 13:43:08 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.22 16:07:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2011.01.21 22:24:33 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cdlli52.INI
[2011.01.21 20:48:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2011.01.21 19:55:44 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011.01.21 19:45:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.01.21 19:28:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.01.21 18:51:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.01.21 18:36:48 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.01.21 18:36:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7320.DAT
[2011.01.21 18:21:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011.01.20 14:39:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.01.20 14:32:49 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\T****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.01.20 14:26:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.01.20 14:19:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.01.20 14:13:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.01.20 14:12:27 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== LOP Check ==========
 
[2011.01.21 21:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2011.10.16 12:31:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cached Installations
[2011.09.18 13:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2011.01.21 19:42:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service
[2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH
[2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint
[2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH
[2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon
[2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer
[2012.04.16 21:30:07 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.23 09:15:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Adobe
[2011.03.04 13:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Avira
[2011.03.11 14:05:10 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Brother
[2011.01.21 21:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service
[2011.08.10 19:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Buhl Data Service GmbH
[2011.01.21 18:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\CheckPoint
[2011.01.21 21:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Creative
[2011.08.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\deltra Software GmbH
[2011.02.14 19:42:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Google
[2011.01.25 20:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Help
[2011.01.20 14:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Identities
[2011.01.21 19:28:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Macromedia
[2012.04.13 13:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Malwarebytes
[2012.04.06 19:09:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Microsoft
[2011.01.21 19:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla
[2011.09.18 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Nikon
[2011.10.09 18:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Sun
[2012.04.15 18:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\TeamViewer
[2012.02.05 18:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.01.30 20:10:59 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys
[2006.05.11 18:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2006.03.17 02:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2011.07.18 20:44:23 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2011.01.20 15:11:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.01.20 15:11:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.01.20 15:11:30 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >
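
The "< MD5 for: ... >" blocks in the OTL report above list every copy OTL finds of a few files that are frequent targets of tampering (userinit.exe, winlogon.exe, user32.dll and so on), each with size, vendor string and MD5. What a log reader does with them is compare the live copy in system32 against the copies Windows keeps in ServicePackFiles, dllcache and the uninstall folders, and ignore copies that belong to other products (the Chameleon winlogon.exe shipped by Malwarebytes, for instance). The script below is an added example of that check; it is not part of the thread and not OTL's own code. Its sample log is constructed in the format shown above: the USERINIT.EXE and WINLOGON.EXE entries are copied from the posted report, while EXAMPLE.DLL and its hashes are made up to show a mismatch.

```python
"""Cross-check the '< MD5 for: NAME >' sections of an OTL log.

For each file OTL lists every copy it finds (the loaded copy in system32,
dllcache, ServicePackFiles, uninstall folders) with size, vendor string
and MD5.  A live copy whose MD5 matches none of the Windows-supplied
backup copies, or that carries no vendor string at all, is what a log
reader looks at first.
"""
import re

# Constructed sample in the OTL format from the thread.  USERINIT.EXE and
# WINLOGON.EXE reuse real entries from the posted log; EXAMPLE.DLL and its
# hashes are made up to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: EXAMPLE.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.dll
[2012.04.01 00:00:00 | 000,407,040 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\example.dll
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<vendor>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Directories whose copy is the one Windows actually loads.
LIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system32\\drivers\\")
SYSTEMROOT = "c:\\windows\\"


def classify(path):
    """'live' for the loaded copy, 'backup' for other copies under the
    Windows directory, 'other' for anything outside it (e.g. a tool's own
    bundled copy, which must not be compared against the system files)."""
    p = path.lower()
    if not p.startswith(SYSTEMROOT):
        return "other"
    directory = p.rsplit("\\", 1)[0] + "\\"
    return "live" if directory in LIVE_DIRS else "backup"


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} with one dict per listed copy."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (s := SECTION_RE.match(line)):
            current = sections.setdefault(s["name"].upper(), [])
        elif current is not None and (e := ENTRY_RE.match(line)):
            entry = e.groupdict()
            entry["md5"] = entry["md5"].upper()
            current.append(entry)
    return sections


def check_sections(sections):
    """Flag live copies with no vendor string or with an MD5 that matches
    no backup copy; 'comparable' is False when no backup copy was listed."""
    report = {}
    for name, entries in sections.items():
        live = [e for e in entries if classify(e["path"]) == "live"]
        backups = {e["md5"] for e in entries if classify(e["path"]) == "backup"}
        problems = []
        for e in live:
            if not e["vendor"]:
                problems.append(f"{e['path']}: no vendor string")
            if backups and e["md5"] not in backups:
                problems.append(f"{e['path']}: MD5 matches no backup copy")
        report[name] = {"live": len(live), "backups": len(backups),
                        "comparable": bool(backups), "problems": problems}
    return report


if __name__ == "__main__":
    for name, r in check_sections(parse_md5_sections(SAMPLE_LOG)).items():
        status = "CHECK" if r["problems"] else "ok"
        print(f"{name:<14} {status:5} " + "; ".join(r["problems"]))
```

A match between the live copy and a backup copy only says the file is the one Windows installed; a mismatch is a reason to look closer (a hotfix can legitimately leave the live copy newer than every backup), not a verdict on its own.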


cosinus 17.04.2012 11:28

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your username, you must change the starred-out part back into your real username, otherwise the script will not work!!

Code:

:OTL
IE - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2613550&SearchSource=13"
FF - user.js - File not found
[2011.03.23 21:42:12 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1757981266-1078081533-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.20 14:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2012.04.16 20:21:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012.04.12 07:48:35 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.04.10 18:48:35 | 000,000,000 | -HSD | C] -- C:\found.000
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

thaumaturgis 18.04.2012 18:08

Hello,

I ran the OTL fix. Here is the report:

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13" removed from browser.startup.homepage
C:\Dokumente und Einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1757981266-1078081533-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\WINDOWS\Internet Logs folder moved successfully.
C:\found.001 folder moved successfully.
C:\found.000 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 2210553 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 2128216 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: T****
->Temp folder emptied: 1051199148 bytes
->Temporary Internet Files folder emptied: 217483700 bytes
->Java cache emptied: 759971 bytes
->FireFox cache emptied: 75398410 bytes
->Google Chrome cache emptied: 203642161 bytes
->Flash cache emptied: 22952 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1258715 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17621966 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.499,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: T****
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04182012_185702

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Do you need the "bad" stuff saved in the OTL folder on your upload channel again?

cosinus 18.04.2012 21:05

No, I don't need that.

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
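
To read the TDSSKiller report the helper asks for above without acting on anything, it helps to reduce it to one record per service and to separate the unsigned-file heuristic (UnsignedFile.Multi.Generic, which in this thread's log sits on ordinary ATI, InstallShield and Creative components) from any named detection. The parser below is an added example; it is not part of the thread and not Kaspersky's code. Its sample lines are constructed in the format the posted log uses: the first four services are copied from that log, while "examplesvc" and "Example.Placeholder.Verdict" are made up to show a non-heuristic hit.

```python
"""Summarise a Kaspersky TDSSKiller report.

TDSSKiller writes one line when it hashes a service's file, then either
'- ok' or a '( verdict ) - warning' line followed by '- detected verdict (n)'.
This parser collects those into one record per service and separates
unsigned-file heuristics from named detections.
"""
import re
from collections import Counter

# Constructed sample in the TDSSKiller line format shown in the thread.
# Abiosdsk, ACPI, AegisP and Ati HotKey Poller are copied from the posted
# log; 'examplesvc' and 'Example.Placeholder.Verdict' are made up.
SAMPLE_LOG = r"""
17:46:46.0437 3984        Scan started
17:46:46.0437 3984        Mode: Manual; SigCheck; TDLFS;
17:46:46.0609 3984        Abiosdsk - ok
17:46:46.0671 3984        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:46:46.0953 3984        ACPI - ok
17:46:47.0296 3984        AegisP          (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:46:47.0312 3984        AegisP ( UnsignedFile.Multi.Generic ) - warning
17:46:47.0312 3984        AegisP - detected UnsignedFile.Multi.Generic (1)
17:46:48.0515 3984        Ati HotKey Poller (40f02b8460ac817ea0cea2e0cab4c2ed) C:\WINDOWS\system32\Ati2evxx.exe
17:46:48.0562 3984        Ati HotKey Poller - ok
17:46:50.0750 3984        examplesvc      (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\examplesvc.sys
17:46:50.0750 3984        examplesvc ( Example.Placeholder.Verdict ) - warning
17:46:50.0765 3984        examplesvc - detected Example.Placeholder.Verdict (1)
"""

PREFIX_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9A-Fa-f]{32})\)\s+(?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<level>\w+)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdicts that only say "this file carries no valid digital signature".
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


def _record(services, name):
    return services.setdefault(name, {"md5": None, "path": None,
                                      "status": None, "verdicts": []})


def parse_tdss_log(text):
    """Return {service_name: {md5, path, status, verdicts}}."""
    services = {}
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if not m:
            continue                      # banners, separators, blank lines
        rest = m["rest"].strip()
        if (f := FILE_RE.match(rest)):
            rec = _record(services, f["name"])
            rec["md5"], rec["path"] = f["md5"].lower(), f["path"]
        elif (w := WARN_RE.match(rest)):
            _record(services, w["name"])["status"] = w["level"]
        elif (d := DETECT_RE.match(rest)):
            _record(services, d["name"])["verdicts"].append(d["verdict"])
        elif (o := OK_RE.match(rest)):
            _record(services, o["name"])["status"] = "ok"
    return services


def summarize(services):
    """Split flagged services into heuristic-only and named detections."""
    flagged = {n: s for n, s in services.items()
               if s["verdicts"] or s["status"] not in (None, "ok")}
    named = [n for n, s in flagged.items()
             if set(s["verdicts"]) - HEURISTIC_VERDICTS]
    return {
        "scanned": len(services),
        "flagged": sorted(flagged),
        "named_detections": sorted(named),
        "verdict_counts": Counter(v for s in services.values() for v in s["verdicts"]),
    }


if __name__ == "__main__":
    summary = summarize(parse_tdss_log(SAMPLE_LOG))
    print(f"{summary['scanned']} services scanned, flagged: {summary['flagged']}")
    print("named detections (not just unsigned-file heuristics):",
          summary["named_detections"])
```

Service names may contain spaces ("Ati HotKey Poller"), so every pattern anchors on the fixed text that follows the name rather than on whitespace; a service that only appears as "name - ok" keeps md5 and path as None, which distinguishes a driver that is registered but has no file from one whose file was hashed.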

thaumaturgis 19.04.2012 16:54

Hello,

I ran the scan. Here is the log file:

Regards!

Code:

17:44:37.0937 2904        TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
17:44:38.0203 2904        ============================================================
17:44:38.0203 2904        Current date / time: 2012/04/19 17:44:38.0203
17:44:38.0203 2904        SystemInfo:
17:44:38.0203 2904       
17:44:38.0203 2904        OS Version: 5.1.2600 ServicePack: 3.0
17:44:38.0203 2904        Product type: Workstation
17:44:38.0203 2904        ComputerName: THOMAS-8157C8E2
17:44:38.0203 2904        UserName: T****
17:44:38.0203 2904        Windows directory: C:\WINDOWS
17:44:38.0203 2904        System windows directory: C:\WINDOWS
17:44:38.0203 2904        Processor architecture: Intel x86
17:44:38.0203 2904        Number of processors: 2
17:44:38.0203 2904        Page size: 0x1000
17:44:38.0203 2904        Boot type: Normal boot
17:44:38.0203 2904        ============================================================
17:44:38.0875 2904        Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:44:38.0906 2904        \Device\Harddisk0\DR0:
17:44:38.0906 2904        MBR partitions:
17:44:38.0906 2904        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
17:44:38.0921 2904        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x1A0D1287
17:44:38.0953 2904        C: <-> \Device\Harddisk0\DR0\Partition0
17:44:39.0000 2904        D: <-> \Device\Harddisk0\DR0\Partition1
17:44:39.0000 2904        Initialize success
17:44:39.0000 2904        ============================================================
17:46:46.0437 3984        ============================================================
17:46:46.0437 3984        Scan started
17:46:46.0437 3984        Mode: Manual; SigCheck; TDLFS;
17:46:46.0437 3984        ============================================================
17:46:46.0609 3984        Abiosdsk - ok
17:46:46.0609 3984        abp480n5 - ok
17:46:46.0671 3984        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:46:46.0953 3984        ACPI - ok
17:46:46.0984 3984        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:46:47.0093 3984        ACPIEC - ok
17:46:47.0109 3984        adpu160m - ok
17:46:47.0125 3984        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:46:47.0265 3984        aec - ok
17:46:47.0296 3984        AegisP          (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:46:47.0312 3984        AegisP ( UnsignedFile.Multi.Generic ) - warning
17:46:47.0312 3984        AegisP - detected UnsignedFile.Multi.Generic (1)
17:46:47.0343 3984        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:46:47.0390 3984        AFD - ok
17:46:47.0406 3984        Aha154x - ok
17:46:47.0406 3984        aic78u2 - ok
17:46:47.0421 3984        aic78xx - ok
17:46:47.0453 3984        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:46:47.0578 3984        Alerter - ok
17:46:47.0593 3984        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:46:47.0718 3984        ALG - ok
17:46:47.0781 3984        AliIde - ok
17:46:47.0796 3984        amsint - ok
17:46:47.0843 3984        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:46:47.0859 3984        AntiVirSchedulerService - ok
17:46:47.0875 3984        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:46:47.0890 3984        AntiVirService - ok
17:46:47.0921 3984        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
17:46:48.0046 3984        AppMgmt - ok
17:46:48.0062 3984        asc - ok
17:46:48.0062 3984        asc3350p - ok
17:46:48.0078 3984        asc3550 - ok
17:46:48.0156 3984        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:46:48.0156 3984        aspnet_state - ok
17:46:48.0203 3984        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:46:48.0328 3984        AsyncMac - ok
17:46:48.0343 3984        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:46:48.0468 3984        atapi - ok
17:46:48.0484 3984        Atdisk - ok
17:46:48.0515 3984        Ati HotKey Poller (40f02b8460ac817ea0cea2e0cab4c2ed) C:\WINDOWS\system32\Ati2evxx.exe
17:46:48.0562 3984        Ati HotKey Poller - ok
17:46:48.0656 3984        ATI Smart      (d41eb535e2b2d8872463e5f59f215d4e) C:\WINDOWS\system32\ati2sgag.exe
17:46:48.0687 3984        ATI Smart ( UnsignedFile.Multi.Generic ) - warning
17:46:48.0687 3984        ATI Smart - detected UnsignedFile.Multi.Generic (1)
17:46:48.0765 3984        ati2mtag        (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:46:48.0828 3984        ati2mtag - ok
17:46:48.0859 3984        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:46:48.0984 3984        Atmarpc - ok
17:46:49.0031 3984        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:46:49.0156 3984        AudioSrv - ok
17:46:49.0187 3984        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:46:49.0296 3984        audstub - ok
17:46:49.0343 3984        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
17:46:49.0359 3984        avgio - ok
17:46:49.0375 3984        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:46:49.0406 3984        avgntflt - ok
17:46:49.0421 3984        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:46:49.0437 3984        avipbb - ok
17:46:49.0453 3984        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:46:49.0578 3984        Beep - ok
17:46:49.0640 3984        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
17:46:49.0765 3984        BITS - ok
17:46:49.0828 3984        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:46:49.0953 3984        Browser - ok
17:46:50.0015 3984        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
17:46:50.0046 3984        BrScnUsb - ok
17:46:50.0062 3984        BrSerIf        (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
17:46:50.0093 3984        BrSerIf - ok
17:46:50.0109 3984        BrUsbSer        (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
17:46:50.0140 3984        BrUsbSer - ok
17:46:50.0156 3984        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:46:50.0281 3984        cbidf2k - ok
17:46:50.0296 3984        cd20xrnt - ok
17:46:50.0312 3984        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:46:50.0421 3984        Cdaudio - ok
17:46:50.0453 3984        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:46:50.0578 3984        Cdfs - ok
17:46:50.0609 3984        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:46:50.0718 3984        Cdrom - ok
17:46:50.0750 3984        cercsr6        (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:46:50.0750 3984        cercsr6 ( UnsignedFile.Multi.Generic ) - warning
17:46:50.0765 3984        cercsr6 - detected UnsignedFile.Multi.Generic (1)
17:46:50.0765 3984        Changer - ok
17:46:50.0796 3984        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:46:50.0921 3984        CiSvc - ok
17:46:50.0953 3984        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:46:51.0078 3984        ClipSrv - ok
17:46:51.0140 3984        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:46:51.0156 3984        clr_optimization_v2.0.50727_32 - ok
17:46:51.0187 3984        CmdIde - ok
17:46:51.0203 3984        COMSysApp - ok
17:46:51.0234 3984        Cpqarray - ok
17:46:51.0281 3984        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:46:51.0406 3984        CryptSvc - ok
17:46:51.0421 3984        ctac32k - ok
17:46:51.0468 3984        ctdvda2k        (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:46:51.0484 3984        ctdvda2k ( UnsignedFile.Multi.Generic ) - warning
17:46:51.0484 3984        ctdvda2k - detected UnsignedFile.Multi.Generic (1)
17:46:51.0500 3984        ctprxy2k - ok
17:46:51.0515 3984        ctsfm2k - ok
17:46:51.0515 3984        dac2w2k - ok
17:46:51.0531 3984        dac960nt - ok
17:46:51.0578 3984        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:46:51.0625 3984        DcomLaunch - ok
17:46:51.0656 3984        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:46:51.0781 3984        Dhcp - ok
17:46:51.0812 3984        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:46:51.0953 3984        Disk - ok
17:46:51.0968 3984        dmadmin - ok
17:46:52.0015 3984        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:46:52.0156 3984        dmboot - ok
17:46:52.0203 3984        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:46:52.0312 3984        dmio - ok
17:46:52.0343 3984        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:46:52.0453 3984        dmload - ok
17:46:52.0484 3984        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:46:52.0609 3984        dmserver - ok
17:46:52.0625 3984        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:46:52.0750 3984        DMusic - ok
17:46:52.0781 3984        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
17:46:52.0843 3984        Dnscache - ok
17:46:52.0875 3984        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:46:53.0000 3984        Dot3svc - ok
17:46:53.0031 3984        dpti2o - ok
17:46:53.0078 3984        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:46:53.0203 3984        drmkaud - ok
17:46:53.0218 3984        e1express      (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:46:53.0265 3984        e1express - ok
17:46:53.0312 3984        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:46:53.0437 3984        EapHost - ok
17:46:53.0468 3984        ehRecvr        (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
17:46:53.0515 3984        ehRecvr - ok
17:46:53.0546 3984        ehSched        (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
17:46:53.0562 3984        ehSched - ok
17:46:53.0593 3984        emupia - ok
17:46:53.0640 3984        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:46:53.0765 3984        ERSvc - ok
17:46:53.0796 3984        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:46:53.0843 3984        Eventlog - ok
17:46:53.0875 3984        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
17:46:53.0906 3984        EventSystem - ok
17:46:53.0953 3984        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:46:54.0078 3984        Fastfat - ok
17:46:54.0140 3984        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:46:54.0171 3984        FastUserSwitchingCompatibility - ok
17:46:54.0187 3984        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:46:54.0312 3984        Fdc - ok
17:46:54.0343 3984        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:46:54.0468 3984        Fips - ok
17:46:54.0468 3984        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:46:54.0593 3984        Flpydisk - ok
17:46:54.0625 3984        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:46:54.0765 3984        FltMgr - ok
17:46:54.0828 3984        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:46:54.0843 3984        FontCache3.0.0.0 - ok
17:46:54.0875 3984        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:46:55.0000 3984        Fs_Rec - ok
17:46:55.0015 3984        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:46:55.0156 3984        Ftdisk - ok
17:46:55.0187 3984        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:46:55.0312 3984        Gpc - ok
17:46:55.0359 3984        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
17:46:55.0359 3984        gupdate - ok
17:46:55.0375 3984        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
17:46:55.0390 3984        gupdatem - ok
17:46:55.0421 3984        Gupta SQLBase Advoware - ok
17:46:55.0468 3984        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:46:55.0593 3984        HDAudBus - ok
17:46:55.0640 3984        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:46:55.0750 3984        helpsvc - ok
17:46:55.0812 3984        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
17:46:55.0921 3984        HidServ - ok
17:46:55.0937 3984        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:46:56.0062 3984        hidusb - ok
17:46:56.0093 3984        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:46:56.0218 3984        hkmsvc - ok
17:46:56.0234 3984        hpn - ok
17:46:56.0265 3984        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:46:56.0296 3984        HTTP - ok
17:46:56.0328 3984        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:46:56.0453 3984        HTTPFilter - ok
17:46:56.0468 3984        i2omgmt - ok
17:46:56.0484 3984        i2omp - ok
17:46:56.0515 3984        iastor          (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:46:56.0546 3984        iastor - ok
17:46:56.0640 3984        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:46:56.0640 3984        IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:46:56.0640 3984        IDriverT - detected UnsignedFile.Multi.Generic (1)
17:46:56.0765 3984        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:46:56.0812 3984        idsvc - ok
17:46:56.0906 3984        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:46:57.0015 3984        Imapi - ok
17:46:57.0046 3984        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
17:46:57.0171 3984        ImapiService - ok
17:46:57.0187 3984        ini910u - ok
17:46:57.0203 3984        IntelIde - ok
17:46:57.0250 3984        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:46:57.0359 3984        intelppm - ok
17:46:57.0390 3984        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:46:57.0500 3984        Ip6Fw - ok
17:46:57.0531 3984        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:46:57.0640 3984        IpFilterDriver - ok
17:46:57.0656 3984        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:46:57.0781 3984        IpInIp - ok
17:46:57.0828 3984        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:46:57.0937 3984        IpNat - ok
17:46:57.0968 3984        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:46:58.0093 3984        IPSec - ok
17:46:58.0109 3984        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:46:58.0234 3984        IRENUM - ok
17:46:58.0250 3984        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:46:58.0359 3984        isapnp - ok
17:46:58.0468 3984        JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Programme\Java\jre6\bin\jqs.exe
17:46:58.0484 3984        JavaQuickStarterService - ok
17:46:58.0546 3984        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:46:58.0656 3984        Kbdclass - ok
17:46:58.0703 3984        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:46:58.0843 3984        kbdhid - ok
17:46:58.0859 3984        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:46:58.0984 3984        kmixer - ok
17:46:59.0015 3984        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:46:59.0062 3984        KSecDD - ok
17:46:59.0093 3984        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
17:46:59.0140 3984        lanmanserver - ok
17:46:59.0156 3984        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:46:59.0187 3984        lanmanworkstation - ok
17:46:59.0281 3984        Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
17:46:59.0359 3984        Lavasoft Ad-Aware Service - ok
17:46:59.0390 3984        Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
17:46:59.0390 3984        Lavasoft Kernexplorer - ok
17:46:59.0453 3984        Lbd            (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:46:59.0468 3984        Lbd - ok
17:46:59.0515 3984        lbrtfdc - ok
17:46:59.0546 3984        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:46:59.0671 3984        LmHosts - ok
17:46:59.0734 3984        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
17:46:59.0750 3984        MBAMProtector - ok
17:46:59.0812 3984        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
17:46:59.0843 3984        MBAMService - ok
17:46:59.0906 3984        McrdSvc        (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
17:46:59.0937 3984        McrdSvc - ok
17:46:59.0953 3984        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:47:00.0078 3984        Messenger - ok
17:47:00.0109 3984        MHN            (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
17:47:00.0125 3984        MHN ( UnsignedFile.Multi.Generic ) - warning
17:47:00.0125 3984        MHN - detected UnsignedFile.Multi.Generic (1)
17:47:00.0125 3984        MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
17:47:00.0140 3984        MHNDRV ( UnsignedFile.Multi.Generic ) - warning
17:47:00.0140 3984        MHNDRV - detected UnsignedFile.Multi.Generic (1)
17:47:00.0171 3984        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:47:00.0296 3984        mnmdd - ok
17:47:00.0312 3984        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:47:00.0453 3984        mnmsrvc - ok
17:47:00.0500 3984        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:47:00.0609 3984        Modem - ok
17:47:00.0671 3984        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:47:00.0796 3984        Mouclass - ok
17:47:00.0828 3984        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:47:00.0953 3984        mouhid - ok
17:47:00.0968 3984        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:47:01.0078 3984        MountMgr - ok
17:47:01.0093 3984        mraid35x - ok
17:47:01.0125 3984        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:47:01.0265 3984        MRxDAV - ok
17:47:01.0296 3984        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:47:01.0343 3984        MRxSmb - ok
17:47:01.0375 3984        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:47:01.0500 3984        MSDTC - ok
17:47:01.0515 3984        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:47:01.0640 3984        Msfs - ok
17:47:01.0656 3984        MSIServer - ok
17:47:01.0687 3984        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:47:01.0812 3984        MSKSSRV - ok
17:47:01.0828 3984        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:47:01.0953 3984        MSPCLOCK - ok
17:47:01.0968 3984        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:47:02.0093 3984        MSPQM - ok
17:47:02.0125 3984        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:47:02.0250 3984        mssmbios - ok
17:47:02.0281 3984        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:47:02.0312 3984        Mup - ok
17:47:02.0359 3984        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:47:02.0500 3984        napagent - ok
17:47:02.0546 3984        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:47:02.0656 3984        NDIS - ok
17:47:02.0703 3984        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:47:02.0750 3984        NdisTapi - ok
17:47:02.0765 3984        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:47:02.0890 3984        Ndisuio - ok
17:47:02.0906 3984        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:47:03.0015 3984        NdisWan - ok
17:47:03.0062 3984        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:47:03.0109 3984        NDProxy - ok
17:47:03.0140 3984        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:47:03.0265 3984        NetBIOS - ok
17:47:03.0296 3984        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:47:03.0406 3984        NetBT - ok
17:47:03.0437 3984        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:47:03.0578 3984        NetDDE - ok
17:47:03.0578 3984        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:47:03.0703 3984        NetDDEdsdm - ok
17:47:03.0750 3984        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:03.0859 3984        Netlogon - ok
17:47:03.0921 3984        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:47:04.0046 3984        Netman - ok
17:47:04.0078 3984        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:04.0093 3984        NetTcpPortSharing - ok
17:47:04.0125 3984        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
17:47:04.0171 3984        Nla - ok
17:47:04.0218 3984        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:47:04.0328 3984        Npfs - ok
17:47:04.0359 3984        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:47:04.0500 3984        Ntfs - ok
17:47:04.0515 3984        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:04.0640 3984        NtLmSsp - ok
17:47:04.0687 3984        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:47:04.0828 3984        NtmsSvc - ok
17:47:04.0875 3984        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:47:04.0984 3984        Null - ok
17:47:05.0031 3984        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:47:05.0156 3984        NwlnkFlt - ok
17:47:05.0171 3984        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:47:05.0281 3984        NwlnkFwd - ok
17:47:05.0375 3984        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:47:05.0421 3984        odserv - ok
17:47:05.0453 3984        ose            (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:47:05.0468 3984        ose - ok
17:47:05.0500 3984        ossrv - ok
17:47:05.0531 3984        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:47:05.0656 3984        Parport - ok
17:47:05.0687 3984        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:47:05.0812 3984        PartMgr - ok
17:47:05.0828 3984        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:47:05.0953 3984        ParVdm - ok
17:47:05.0984 3984        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:47:06.0109 3984        PCI - ok
17:47:06.0109 3984        PCIDump - ok
17:47:06.0140 3984        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:47:06.0265 3984        PCIIde - ok
17:47:06.0296 3984        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:47:06.0421 3984        Pcmcia - ok
17:47:06.0421 3984        PDCOMP - ok
17:47:06.0437 3984        PDFRAME - ok
17:47:06.0453 3984        PDRELI - ok
17:47:06.0453 3984        PDRFRAME - ok
17:47:06.0468 3984        perc2 - ok
17:47:06.0468 3984        perc2hib - ok
17:47:06.0515 3984        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:47:06.0562 3984        PlugPlay - ok
17:47:06.0593 3984        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:06.0703 3984        PolicyAgent - ok
17:47:06.0750 3984        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:47:06.0875 3984        PptpMiniport - ok
17:47:06.0875 3984        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:07.0000 3984        ProtectedStorage - ok
17:47:07.0000 3984        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:47:07.0125 3984        PSched - ok
17:47:07.0140 3984        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:47:07.0265 3984        Ptilink - ok
17:47:07.0296 3984        PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:47:07.0328 3984        PxHelp20 - ok
17:47:07.0343 3984        ql1080 - ok
17:47:07.0343 3984        Ql10wnt - ok
17:47:07.0359 3984        ql12160 - ok
17:47:07.0359 3984        ql1240 - ok
17:47:07.0375 3984        ql1280 - ok
17:47:07.0390 3984        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:47:07.0515 3984        RasAcd - ok
17:47:07.0546 3984        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:47:07.0671 3984        RasAuto - ok
17:47:07.0718 3984        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:47:07.0843 3984        Rasl2tp - ok
17:47:07.0875 3984        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:47:08.0000 3984        RasMan - ok
17:47:08.0015 3984        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:47:08.0125 3984        RasPppoe - ok
17:47:08.0140 3984        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:47:08.0265 3984        Raspti - ok
17:47:08.0296 3984        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:47:08.0421 3984        Rdbss - ok
17:47:08.0437 3984        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:47:08.0546 3984        RDPCDD - ok
17:47:08.0562 3984        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:47:08.0703 3984        rdpdr - ok
17:47:08.0750 3984        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
17:47:08.0781 3984        RDPWD - ok
17:47:08.0828 3984        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:47:08.0953 3984        RDSessMgr - ok
17:47:08.0984 3984        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:47:09.0093 3984        redbook - ok
17:47:09.0140 3984        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:47:09.0265 3984        RemoteAccess - ok
17:47:09.0312 3984        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
17:47:09.0421 3984        RemoteRegistry - ok
17:47:09.0453 3984        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
17:47:09.0578 3984        RpcLocator - ok
17:47:09.0625 3984        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:47:09.0671 3984        RpcSs - ok
17:47:09.0718 3984        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
17:47:09.0859 3984        RSVP - ok
17:47:09.0890 3984        RTLWUSB        (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
17:47:09.0921 3984        RTLWUSB - ok
17:47:09.0953 3984        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:47:10.0062 3984        SamSs - ok
17:47:10.0078 3984        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:47:10.0203 3984        SCardSvr - ok
17:47:10.0265 3984        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:47:10.0375 3984        Schedule - ok
17:47:10.0437 3984        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:47:10.0546 3984        Secdrv - ok
17:47:10.0593 3984        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:47:10.0718 3984        seclogon - ok
17:47:10.0765 3984        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:47:10.0890 3984        SENS - ok
17:47:10.0937 3984        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:47:11.0046 3984        Serial - ok
17:47:11.0078 3984        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:47:11.0187 3984        Sfloppy - ok
17:47:11.0234 3984        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:47:11.0359 3984        SharedAccess - ok
17:47:11.0390 3984        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:47:11.0421 3984        ShellHWDetection - ok
17:47:11.0437 3984        Simbad - ok
17:47:11.0453 3984        Sparrow - ok
17:47:11.0484 3984        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:47:11.0609 3984        splitter - ok
17:47:11.0656 3984        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:47:11.0703 3984        Spooler - ok
17:47:11.0734 3984        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:47:11.0843 3984        sr - ok
17:47:11.0890 3984        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
17:47:12.0015 3984        srservice - ok
17:47:12.0046 3984        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:47:12.0078 3984        Srv - ok
17:47:12.0109 3984        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:47:12.0234 3984        SSDPSRV - ok
17:47:12.0265 3984        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:47:12.0281 3984        ssmdrv - ok
17:47:12.0312 3984        STHDA          (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
17:47:12.0390 3984        STHDA - ok
17:47:12.0484 3984        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:47:12.0593 3984        stisvc - ok
17:47:12.0640 3984        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:47:12.0765 3984        swenum - ok
17:47:12.0781 3984        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:47:12.0906 3984        swmidi - ok
17:47:12.0906 3984        SwPrv - ok
17:47:12.0921 3984        symc810 - ok
17:47:12.0937 3984        symc8xx - ok
17:47:12.0937 3984        sym_hi - ok
17:47:12.0953 3984        sym_u3 - ok
17:47:12.0968 3984        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:47:13.0078 3984        sysaudio - ok
17:47:13.0109 3984        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:47:13.0250 3984        SysmonLog - ok
17:47:13.0281 3984        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:47:13.0406 3984        TapiSrv - ok
17:47:13.0437 3984        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:47:13.0484 3984        Tcpip - ok
17:47:13.0500 3984        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:47:13.0609 3984        TDPIPE - ok
17:47:13.0671 3984        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:47:13.0781 3984        TDTCP - ok
17:47:13.0812 3984        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:47:13.0921 3984        TermDD - ok
17:47:13.0968 3984        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:47:14.0093 3984        TermService - ok
17:47:14.0140 3984        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:47:14.0156 3984        Themes - ok
17:47:14.0171 3984        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
17:47:14.0296 3984        TlntSvr - ok
17:47:14.0328 3984        TosIde - ok
17:47:14.0359 3984        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:47:14.0484 3984        TrkWks - ok
17:47:14.0515 3984        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:47:14.0625 3984        Udfs - ok
17:47:14.0640 3984        ultra - ok
17:47:14.0671 3984        UMWdf          (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
17:47:14.0796 3984        UMWdf - ok
17:47:14.0890 3984        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:47:15.0031 3984        Update - ok
17:47:15.0078 3984        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:47:15.0218 3984        upnphost - ok
17:47:15.0250 3984        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:47:15.0359 3984        UPS - ok
17:47:15.0390 3984        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:47:15.0515 3984        usbccgp - ok
17:47:15.0562 3984        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:47:15.0687 3984        usbehci - ok
17:47:15.0703 3984        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:47:15.0812 3984        usbhub - ok
17:47:15.0828 3984        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:47:15.0953 3984        usbprint - ok
17:47:15.0968 3984        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:47:16.0078 3984        usbstor - ok
17:47:16.0109 3984        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:47:16.0234 3984        usbuhci - ok
17:47:16.0296 3984        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:47:16.0406 3984        VgaSave - ok
17:47:16.0421 3984        ViaIde - ok
17:47:16.0437 3984        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:47:16.0562 3984        VolSnap - ok
17:47:16.0609 3984        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:47:16.0765 3984        VSS - ok
17:47:16.0781 3984        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:47:16.0906 3984        W32Time - ok
17:47:16.0953 3984        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:47:17.0062 3984        Wanarp - ok
17:47:17.0078 3984        WDICA - ok
17:47:17.0093 3984        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:47:17.0218 3984        wdmaud - ok
17:47:17.0250 3984        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:47:17.0375 3984        WebClient - ok
17:47:17.0406 3984        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:47:17.0515 3984        winmgmt - ok
17:47:17.0593 3984        WmdmPmSN        (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
17:47:17.0609 3984        WmdmPmSN - ok
17:47:17.0671 3984        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
17:47:17.0734 3984        Wmi - ok
17:47:17.0765 3984        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:47:17.0875 3984        WmiApSrv - ok
17:47:17.0906 3984        WpdUsb          (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:47:17.0937 3984        WpdUsb - ok
17:47:17.0968 3984        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:47:18.0078 3984        WS2IFSL - ok
17:47:18.0125 3984        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:47:18.0250 3984        wscsvc - ok
17:47:18.0281 3984        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:47:18.0406 3984        wuauserv - ok
17:47:18.0453 3984        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:47:18.0593 3984        WZCSVC - ok
17:47:18.0671 3984        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:47:18.0796 3984        xmlprov - ok
17:47:18.0828 3984        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:47:19.0015 3984        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:47:19.0015 3984        \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:47:19.0015 3984        Boot (0x1200)  (2aaf8028c97de81c932314d032565c66) \Device\Harddisk0\DR0\Partition0
17:47:19.0015 3984        \Device\Harddisk0\DR0\Partition0 - ok
17:47:19.0046 3984        Boot (0x1200)  (f32f02e405acd54e59b1ca0c79cbeaeb) \Device\Harddisk0\DR0\Partition1
17:47:19.0046 3984        \Device\Harddisk0\DR0\Partition1 - ok
17:47:19.0046 3984        ============================================================
17:47:19.0046 3984        Scan finished
17:47:19.0046 3984        ============================================================
17:47:19.0156 3416        Detected object count: 8
17:47:19.0156 3416        Actual detected object count: 8
17:48:47.0578 3416        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0578 3416        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0578 3416        ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0578 3416        ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416        cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416        cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416        ctdvda2k ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416        ctdvda2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0593 3416        MHN ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0593 3416        MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0609 3416        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0609 3416        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0609 3416        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:48:47.0609 3416        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:49:45.0515 2808        Deinitialize success


cosinus 19.04.2012 18:45

Quote:

17:48:47.0609 3416 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Please let TDSS-Killer delete the TDSS File System, then restart Windows and make a new log with this tool. Post it again enclosed in CODE tags.
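
The triage applied in this reply (the UnsignedFile.Multi.Generic warnings are left alone, the TDSS File System detection must not be) can be scripted over the log format posted above. This is an added example for readers of the thread, not code from the thread or from Kaspersky's TDSSKiller; the log excerpt it parses is constructed from lines in the same format as the posted log, and treating UnsignedFile.Multi.Generic as low-confidence is an assumption taken from how the helper handled it.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the format of the TDSSKiller log posted in the thread:
# "<time> <thread id> <message>". It contains one generic unsigned-file warning
# and one TDSS File System detection, both skipped by the user.
SAMPLE_LOG = r"""
17:47:00.0140 3984        MHNDRV ( UnsignedFile.Multi.Generic ) - warning
17:47:00.0140 3984        MHNDRV - detected UnsignedFile.Multi.Generic (1)
17:47:00.0296 3984        mnmdd - ok
17:47:19.0015 3984        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:47:19.0015 3984        \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:47:19.0046 3984        ============================================================
17:47:19.0046 3984        Scan finished
17:47:19.0156 3416        Detected object count: 2
17:48:47.0609 3416        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:47.0609 3416        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:47.0609 3416        \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:48:47.0609 3416        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Assumption: verdicts raised for any unsigned driver/service binary. They are
# heuristic only and, on their own, not evidence of infection.
LOW_CONFIDENCE = {"UnsignedFile.Multi.Generic"}

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str
    verdict: str
    action: Optional[str] = None  # filled in from the post-scan "User select action" lines

    @property
    def needs_attention(self) -> bool:
        """A non-generic detection that was skipped (or never acted on) is still open."""
        return self.verdict not in LOW_CONFIDENCE and self.action in (None, "Skip")


@dataclass
class Report:
    findings: Dict[str, Finding] = field(default_factory=dict)
    reported_count: Optional[int] = None  # value of the tool's own "Detected object count"

    def triage(self) -> List[str]:
        """Objects that must still be cured or deleted before the machine is trusted."""
        return sorted(f.obj for f in self.findings.values() if f.needs_attention)

    def count_matches(self) -> bool:
        """Cross-check: did we pair up as many objects as the tool says it detected?"""
        return self.reported_count is None or self.reported_count == len(self.findings)


def parse_tdsskiller_log(text: str) -> Report:
    """Pair every 'detected' line with the user's chosen action, keyed by object name."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # blank lines and anything without the time/thread-id prefix
        msg = m.group("msg")
        d = DETECTED_RE.match(msg)
        if d:
            report.findings[d.group("obj")] = Finding(d.group("obj"), d.group("verdict"))
            continue
        a = ACTION_RE.match(msg)
        if a:
            f = report.findings.setdefault(
                a.group("obj"), Finding(a.group("obj"), a.group("verdict"))
            )
            f.action = a.group("action")
            continue
        c = COUNT_RE.match(msg)
        if c:
            report.reported_count = int(c.group("n"))
    return report


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for f in rep.findings.values():
        print(f"{f.obj:30} {f.verdict:30} action={f.action}")
    print("count consistent:", rep.count_matches())
    print("still needs action:", rep.triage())
```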

thaumaturgis 20.04.2012 15:42

So, the TDSS entry has been deleted, here is the new LOG:

Code:

16:37:07.0703 3912        TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
16:37:14.0390 3912        ============================================================
16:37:14.0390 3912        Current date / time: 2012/04/20 16:37:14.0390
16:37:14.0390 3912        SystemInfo:
16:37:14.0390 3912       
16:37:14.0390 3912        OS Version: 5.1.2600 ServicePack: 3.0
16:37:14.0390 3912        Product type: Workstation
16:37:14.0390 3912        ComputerName: THOMAS-8157C8E2
16:37:14.0390 3912        UserName: T****
16:37:14.0390 3912        Windows directory: C:\WINDOWS
16:37:14.0390 3912        System windows directory: C:\WINDOWS
16:37:14.0390 3912        Processor architecture: Intel x86
16:37:14.0390 3912        Number of processors: 2
16:37:14.0390 3912        Page size: 0x1000
16:37:14.0390 3912        Boot type: Normal boot
16:37:14.0390 3912        ============================================================
16:37:14.0796 3912        Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:37:14.0843 3912        \Device\Harddisk0\DR0:
16:37:14.0843 3912        MBR partitions:
16:37:14.0843 3912        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
16:37:14.0859 3912        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x1A0D1287
16:37:14.0875 3912        C: <-> \Device\Harddisk0\DR0\Partition0
16:37:14.0921 3912        D: <-> \Device\Harddisk0\DR0\Partition1
16:37:14.0921 3912        Initialize success
16:37:14.0921 3912        ============================================================
16:37:22.0031 2940        ============================================================
16:37:22.0031 2940        Scan started
16:37:22.0031 2940        Mode: Manual; SigCheck; TDLFS;
16:37:22.0031 2940        ============================================================
16:37:22.0187 2940        Abiosdsk - ok
16:37:22.0218 2940        abp480n5 - ok
16:37:22.0265 2940        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:37:23.0078 2940        ACPI - ok
16:37:23.0156 2940        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:37:23.0296 2940        ACPIEC - ok
16:37:23.0312 2940        adpu160m - ok
16:37:23.0359 2940        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:37:23.0500 2940        aec - ok
16:37:23.0531 2940        AegisP          (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:37:23.0546 2940        AegisP ( UnsignedFile.Multi.Generic ) - warning
16:37:23.0546 2940        AegisP - detected UnsignedFile.Multi.Generic (1)
16:37:23.0578 2940        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:37:23.0640 2940        AFD - ok
16:37:23.0640 2940        Aha154x - ok
16:37:23.0656 2940        aic78u2 - ok
16:37:23.0656 2940        aic78xx - ok
16:37:23.0703 2940        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
16:37:23.0843 2940        Alerter - ok
16:37:23.0875 2940        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
16:37:24.0000 2940        ALG - ok
16:37:24.0015 2940        AliIde - ok
16:37:24.0031 2940        amsint - ok
16:37:24.0078 2940        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
16:37:24.0093 2940        AntiVirSchedulerService - ok
16:37:24.0109 2940        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
16:37:24.0140 2940        AntiVirService - ok
16:37:24.0203 2940        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
16:37:24.0359 2940        AppMgmt - ok
16:37:24.0375 2940        asc - ok
16:37:24.0390 2940        asc3350p - ok
16:37:24.0406 2940        asc3550 - ok
16:37:24.0484 2940        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:37:24.0500 2940        aspnet_state - ok
16:37:24.0531 2940        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:37:24.0656 2940        AsyncMac - ok
16:37:24.0671 2940        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:37:24.0828 2940        atapi - ok
16:37:24.0828 2940        Atdisk - ok
16:37:24.0875 2940        Ati HotKey Poller (40f02b8460ac817ea0cea2e0cab4c2ed) C:\WINDOWS\system32\Ati2evxx.exe
16:37:24.0921 2940        Ati HotKey Poller - ok
16:37:24.0968 2940        ATI Smart      (d41eb535e2b2d8872463e5f59f215d4e) C:\WINDOWS\system32\ati2sgag.exe
16:37:25.0000 2940        ATI Smart ( UnsignedFile.Multi.Generic ) - warning
16:37:25.0000 2940        ATI Smart - detected UnsignedFile.Multi.Generic (1)
16:37:25.0062 2940        ati2mtag        (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:37:25.0125 2940        ati2mtag - ok
16:37:25.0156 2940        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:37:25.0296 2940        Atmarpc - ok
16:37:25.0328 2940        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
16:37:25.0468 2940        AudioSrv - ok
16:37:25.0484 2940        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:37:25.0625 2940        audstub - ok
16:37:25.0671 2940        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
16:37:25.0671 2940        avgio - ok
16:37:25.0703 2940        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:37:25.0734 2940        avgntflt - ok
16:37:25.0750 2940        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:37:25.0765 2940        avipbb - ok
16:37:25.0796 2940        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:37:25.0937 2940        Beep - ok
16:37:25.0984 2940        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
16:37:26.0140 2940        BITS - ok
16:37:26.0203 2940        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
16:37:26.0359 2940        Browser - ok
16:37:26.0390 2940        BrScnUsb        (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:37:26.0421 2940        BrScnUsb - ok
16:37:26.0453 2940        BrSerIf        (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys
16:37:26.0484 2940        BrSerIf - ok
16:37:26.0500 2940        BrUsbSer        (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
16:37:26.0531 2940        BrUsbSer - ok
16:37:26.0546 2940        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:37:26.0687 2940        cbidf2k - ok
16:37:26.0703 2940        cd20xrnt - ok
16:37:26.0718 2940        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:37:26.0859 2940        Cdaudio - ok
16:37:26.0890 2940        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:37:27.0031 2940        Cdfs - ok
16:37:27.0046 2940        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:37:27.0187 2940        Cdrom - ok
16:37:27.0218 2940        cercsr6        (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
16:37:27.0234 2940        cercsr6 ( UnsignedFile.Multi.Generic ) - warning
16:37:27.0234 2940        cercsr6 - detected UnsignedFile.Multi.Generic (1)
16:37:27.0234 2940        Changer - ok
16:37:27.0265 2940        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
16:37:27.0406 2940        CiSvc - ok
16:37:27.0421 2940        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
16:37:27.0578 2940        ClipSrv - ok
16:37:27.0625 2940        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:37:27.0640 2940        clr_optimization_v2.0.50727_32 - ok
16:37:27.0687 2940        CmdIde - ok
16:37:27.0687 2940        COMSysApp - ok
16:37:27.0718 2940        Cpqarray - ok
16:37:27.0750 2940        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
16:37:27.0890 2940        CryptSvc - ok
16:37:27.0906 2940        ctac32k - ok
16:37:27.0937 2940        ctdvda2k        (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:37:27.0984 2940        ctdvda2k ( UnsignedFile.Multi.Generic ) - warning
16:37:27.0984 2940        ctdvda2k - detected UnsignedFile.Multi.Generic (1)
16:37:28.0000 2940        ctprxy2k - ok
16:37:28.0015 2940        ctsfm2k - ok
16:37:28.0015 2940        dac2w2k - ok
16:37:28.0031 2940        dac960nt - ok
16:37:28.0078 2940        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:37:28.0140 2940        DcomLaunch - ok
16:37:28.0171 2940        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
16:37:28.0312 2940        Dhcp - ok
16:37:28.0343 2940        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:37:28.0468 2940        Disk - ok
16:37:28.0484 2940        dmadmin - ok
16:37:28.0515 2940        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
16:37:28.0687 2940        dmboot - ok
16:37:28.0718 2940        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
16:37:28.0843 2940        dmio - ok
16:37:28.0859 2940        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:37:29.0000 2940        dmload - ok
16:37:29.0031 2940        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
16:37:29.0171 2940        dmserver - ok
16:37:29.0203 2940        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:37:29.0343 2940        DMusic - ok
16:37:29.0375 2940        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
16:37:29.0437 2940        Dnscache - ok
16:37:29.0484 2940        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
16:37:29.0625 2940        Dot3svc - ok
16:37:29.0640 2940        dpti2o - ok
16:37:29.0671 2940        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:37:29.0812 2940        drmkaud - ok
16:37:29.0859 2940        e1express      (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:37:29.0890 2940        e1express - ok
16:37:29.0921 2940        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
16:37:30.0062 2940        EapHost - ok
16:37:30.0109 2940        ehRecvr        (8301243bde5b6cd316d79c0191d50d9a) C:\WINDOWS\eHome\ehRecvr.exe
16:37:30.0140 2940        ehRecvr - ok
16:37:30.0171 2940        ehSched        (e774bf24a6cb798dce67ad1c8e917152) C:\WINDOWS\eHome\ehSched.exe
16:37:30.0203 2940        ehSched - ok
16:37:30.0218 2940        emupia - ok
16:37:30.0250 2940        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
16:37:30.0390 2940        ERSvc - ok
16:37:30.0421 2940        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:37:30.0468 2940        Eventlog - ok
16:37:30.0500 2940        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
16:37:30.0531 2940        EventSystem - ok
16:37:30.0593 2940        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:37:30.0734 2940        Fastfat - ok
16:37:30.0765 2940        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:37:30.0796 2940        FastUserSwitchingCompatibility - ok
16:37:30.0828 2940        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:37:30.0953 2940        Fdc - ok
16:37:31.0000 2940        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
16:37:31.0140 2940        Fips - ok
16:37:31.0156 2940        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:37:31.0281 2940        Flpydisk - ok
16:37:31.0343 2940        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:37:31.0468 2940        FltMgr - ok
16:37:31.0546 2940        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:37:31.0562 2940        FontCache3.0.0.0 - ok
16:37:31.0593 2940        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:37:31.0718 2940        Fs_Rec - ok
16:37:31.0734 2940        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:37:31.0890 2940        Ftdisk - ok
16:37:31.0921 2940        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:37:32.0078 2940        Gpc - ok
16:37:32.0109 2940        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
16:37:32.0125 2940        gupdate - ok
16:37:32.0140 2940        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
16:37:32.0156 2940        gupdatem - ok
16:37:32.0187 2940        Gupta SQLBase Advoware - ok
16:37:32.0218 2940        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:37:32.0359 2940        HDAudBus - ok
16:37:32.0390 2940        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:37:32.0531 2940        helpsvc - ok
16:37:32.0578 2940        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
16:37:32.0703 2940        HidServ - ok
16:37:32.0718 2940        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:37:32.0859 2940        hidusb - ok
16:37:32.0890 2940        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
16:37:33.0046 2940        hkmsvc - ok
16:37:33.0062 2940        hpn - ok
16:37:33.0109 2940        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:37:33.0140 2940        HTTP - ok
16:37:33.0187 2940        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
16:37:33.0328 2940        HTTPFilter - ok
16:37:33.0343 2940        i2omgmt - ok
16:37:33.0343 2940        i2omp - ok
16:37:33.0375 2940        iastor          (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:37:33.0406 2940        iastor - ok
16:37:33.0484 2940        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:37:33.0500 2940        IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:37:33.0500 2940        IDriverT - detected UnsignedFile.Multi.Generic (1)
16:37:33.0593 2940        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:37:33.0656 2940        idsvc - ok
16:37:33.0734 2940        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:37:33.0875 2940        Imapi - ok
16:37:33.0906 2940        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
16:37:34.0046 2940        ImapiService - ok
16:37:34.0062 2940        ini910u - ok
16:37:34.0078 2940        IntelIde - ok
16:37:34.0125 2940        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:37:34.0265 2940        intelppm - ok
16:37:34.0296 2940        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:37:34.0421 2940        Ip6Fw - ok
16:37:34.0453 2940        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:37:34.0593 2940        IpFilterDriver - ok
16:37:34.0609 2940        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:37:34.0734 2940        IpInIp - ok
16:37:34.0765 2940        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:37:34.0890 2940        IpNat - ok
16:37:34.0953 2940        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:37:35.0093 2940        IPSec - ok
16:37:35.0125 2940        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:37:35.0250 2940        IRENUM - ok
16:37:35.0265 2940        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:37:35.0421 2940        isapnp - ok
16:37:35.0531 2940        JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Programme\Java\jre6\bin\jqs.exe
16:37:35.0546 2940        JavaQuickStarterService - ok
16:37:35.0578 2940        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:37:35.0718 2940        Kbdclass - ok
16:37:35.0750 2940        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:37:35.0890 2940        kbdhid - ok
16:37:35.0906 2940        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:37:36.0046 2940        kmixer - ok
16:37:36.0062 2940        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:37:36.0140 2940        KSecDD - ok
16:37:36.0171 2940        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
16:37:36.0234 2940        lanmanserver - ok
16:37:36.0265 2940        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
16:37:36.0296 2940        lanmanworkstation - ok
16:37:36.0390 2940        Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
16:37:36.0515 2940        Lavasoft Ad-Aware Service - ok
16:37:36.0546 2940        Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys
16:37:36.0578 2940        Lavasoft Kernexplorer - ok
16:37:36.0625 2940        Lbd            (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
16:37:36.0640 2940        Lbd - ok
16:37:36.0656 2940        lbrtfdc - ok
16:37:36.0703 2940        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
16:37:36.0843 2940        LmHosts - ok
16:37:36.0875 2940        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
16:37:36.0890 2940        MBAMProtector - ok
16:37:36.0953 2940        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
16:37:36.0984 2940        MBAMService - ok
16:37:37.0046 2940        McrdSvc        (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
16:37:37.0062 2940        McrdSvc - ok
16:37:37.0093 2940        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
16:37:37.0218 2940        Messenger - ok
16:37:37.0250 2940        MHN            (ded60230e3019c508769ec3c15bcda44) C:\WINDOWS\System32\mhn.dll
16:37:37.0265 2940        MHN ( UnsignedFile.Multi.Generic ) - warning
16:37:37.0265 2940        MHN - detected UnsignedFile.Multi.Generic (1)
16:37:37.0296 2940        MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
16:37:37.0312 2940        MHNDRV ( UnsignedFile.Multi.Generic ) - warning
16:37:37.0312 2940        MHNDRV - detected UnsignedFile.Multi.Generic (1)
16:37:37.0343 2940        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:37:37.0468 2940        mnmdd - ok
16:37:37.0515 2940        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
16:37:37.0671 2940        mnmsrvc - ok
16:37:37.0718 2940        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
16:37:37.0843 2940        Modem - ok
16:37:37.0859 2940        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:37:38.0000 2940        Mouclass - ok
16:37:38.0015 2940        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:37:38.0156 2940        mouhid - ok
16:37:38.0171 2940        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:37:38.0312 2940        MountMgr - ok
16:37:38.0343 2940        mraid35x - ok
16:37:38.0375 2940        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:37:38.0515 2940        MRxDAV - ok
16:37:38.0546 2940        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:37:38.0578 2940        MRxSmb - ok
16:37:38.0625 2940        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
16:37:38.0765 2940        MSDTC - ok
16:37:38.0796 2940        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:37:38.0937 2940        Msfs - ok
16:37:38.0937 2940        MSIServer - ok
16:37:38.0984 2940        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:37:39.0109 2940        MSKSSRV - ok
16:37:39.0125 2940        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:37:39.0281 2940        MSPCLOCK - ok
16:37:39.0312 2940        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:37:39.0453 2940        MSPQM - ok
16:37:39.0468 2940        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:37:39.0609 2940        mssmbios - ok
16:37:39.0656 2940        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:37:39.0687 2940        Mup - ok
16:37:39.0734 2940        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
16:37:39.0890 2940        napagent - ok
16:37:39.0953 2940        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:37:40.0109 2940        NDIS - ok
16:37:40.0140 2940        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:37:40.0171 2940        NdisTapi - ok
16:37:40.0187 2940        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:37:40.0328 2940        Ndisuio - ok
16:37:40.0343 2940        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:37:40.0484 2940        NdisWan - ok
16:37:40.0500 2940        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:37:40.0546 2940        NDProxy - ok
16:37:40.0593 2940        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:37:40.0718 2940        NetBIOS - ok
16:37:40.0750 2940        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:37:40.0890 2940        NetBT - ok
16:37:40.0921 2940        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:37:41.0062 2940        NetDDE - ok
16:37:41.0078 2940        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
16:37:41.0218 2940        NetDDEdsdm - ok
16:37:41.0234 2940        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:41.0375 2940        Netlogon - ok
16:37:41.0421 2940        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
16:37:41.0562 2940        Netman - ok
16:37:41.0625 2940        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:37:41.0640 2940        NetTcpPortSharing - ok
16:37:41.0671 2940        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
16:37:41.0718 2940        Nla - ok
16:37:41.0734 2940        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:37:41.0859 2940        Npfs - ok
16:37:41.0890 2940        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:37:42.0062 2940        Ntfs - ok
16:37:42.0078 2940        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:42.0218 2940        NtLmSsp - ok
16:37:42.0265 2940        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
16:37:42.0406 2940        NtmsSvc - ok
16:37:42.0437 2940        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:37:42.0578 2940        Null - ok
16:37:42.0593 2940        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:37:42.0734 2940        NwlnkFlt - ok
16:37:42.0750 2940        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:37:42.0875 2940        NwlnkFwd - ok
16:37:42.0953 2940        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
16:37:43.0000 2940        odserv - ok
16:37:43.0046 2940        ose            (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
16:37:43.0062 2940        ose - ok
16:37:43.0093 2940        ossrv - ok
16:37:43.0140 2940        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
16:37:43.0281 2940        Parport - ok
16:37:43.0312 2940        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:37:43.0437 2940        PartMgr - ok
16:37:43.0484 2940        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
16:37:43.0609 2940        ParVdm - ok
16:37:43.0640 2940        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
16:37:43.0765 2940        PCI - ok
16:37:43.0796 2940        PCIDump - ok
16:37:43.0812 2940        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:37:43.0953 2940        PCIIde - ok
16:37:44.0000 2940        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:37:44.0140 2940        Pcmcia - ok
16:37:44.0140 2940        PDCOMP - ok
16:37:44.0156 2940        PDFRAME - ok
16:37:44.0156 2940        PDRELI - ok
16:37:44.0171 2940        PDRFRAME - ok
16:37:44.0187 2940        perc2 - ok
16:37:44.0203 2940        perc2hib - ok
16:37:44.0250 2940        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
16:37:44.0296 2940        PlugPlay - ok
16:37:44.0328 2940        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:44.0453 2940        PolicyAgent - ok
16:37:44.0500 2940        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:37:44.0640 2940        PptpMiniport - ok
16:37:44.0640 2940        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:44.0765 2940        ProtectedStorage - ok
16:37:44.0781 2940        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:37:44.0906 2940        PSched - ok
16:37:44.0921 2940        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:37:45.0062 2940        Ptilink - ok
16:37:45.0078 2940        PxHelp20        (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:37:45.0109 2940        PxHelp20 - ok
16:37:45.0140 2940        ql1080 - ok
16:37:45.0156 2940        Ql10wnt - ok
16:37:45.0156 2940        ql12160 - ok
16:37:45.0171 2940        ql1240 - ok
16:37:45.0187 2940        ql1280 - ok
16:37:45.0203 2940        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:37:45.0343 2940        RasAcd - ok
16:37:45.0375 2940        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
16:37:45.0515 2940        RasAuto - ok
16:37:45.0546 2940        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:37:45.0687 2940        Rasl2tp - ok
16:37:45.0718 2940        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
16:37:45.0859 2940        RasMan - ok
16:37:45.0875 2940        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:37:46.0015 2940        RasPppoe - ok
16:37:46.0015 2940        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:37:46.0156 2940        Raspti - ok
16:37:46.0187 2940        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:37:46.0328 2940        Rdbss - ok
16:37:46.0343 2940        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:37:46.0468 2940        RDPCDD - ok
16:37:46.0500 2940        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:37:46.0640 2940        rdpdr - ok
16:37:46.0687 2940        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:37:46.0734 2940        RDPWD - ok
16:37:46.0750 2940        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
16:37:46.0890 2940        RDSessMgr - ok
16:37:46.0921 2940        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:37:47.0046 2940        redbook - ok
16:37:47.0093 2940        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
16:37:47.0218 2940        RemoteAccess - ok
16:37:47.0281 2940        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
16:37:47.0421 2940        RemoteRegistry - ok
16:37:47.0453 2940        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
16:37:47.0593 2940        RpcLocator - ok
16:37:47.0625 2940        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
16:37:47.0687 2940        RpcSs - ok
16:37:47.0718 2940        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
16:37:47.0859 2940        RSVP - ok
16:37:47.0906 2940        RTLWUSB        (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
16:37:47.0953 2940        RTLWUSB - ok
16:37:47.0968 2940        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
16:37:48.0109 2940        SamSs - ok
16:37:48.0125 2940        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
16:37:48.0265 2940        SCardSvr - ok
16:37:48.0328 2940        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
16:37:48.0453 2940        Schedule - ok
16:37:48.0484 2940        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:37:48.0609 2940        Secdrv - ok
16:37:48.0656 2940        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
16:37:48.0796 2940        seclogon - ok
16:37:48.0828 2940        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
16:37:48.0968 2940        SENS - ok
16:37:49.0031 2940        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
16:37:49.0171 2940        Serial - ok
16:37:49.0203 2940        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:37:49.0343 2940        Sfloppy - ok
16:37:49.0390 2940        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
16:37:49.0531 2940        SharedAccess - ok
16:37:49.0578 2940        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:37:49.0593 2940        ShellHWDetection - ok
16:37:49.0609 2940        Simbad - ok
16:37:49.0625 2940        Sparrow - ok
16:37:49.0671 2940        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:37:49.0812 2940        splitter - ok
16:37:49.0828 2940        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:37:49.0875 2940        Spooler - ok
16:37:49.0890 2940        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
16:37:50.0046 2940        sr - ok
16:37:50.0078 2940        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
16:37:50.0218 2940        srservice - ok
16:37:50.0281 2940        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:37:50.0328 2940        Srv - ok
16:37:50.0375 2940        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
16:37:50.0515 2940        SSDPSRV - ok
16:37:50.0546 2940        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:37:50.0546 2940        ssmdrv - ok
16:37:50.0609 2940        STHDA          (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
16:37:50.0687 2940        STHDA - ok
16:37:50.0750 2940        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
16:37:50.0890 2940        stisvc - ok
16:37:50.0937 2940        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:37:51.0093 2940        swenum - ok
16:37:51.0109 2940        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:37:51.0234 2940        swmidi - ok
16:37:51.0265 2940        SwPrv - ok
16:37:51.0281 2940        symc810 - ok
16:37:51.0296 2940        symc8xx - ok
16:37:51.0312 2940        sym_hi - ok
16:37:51.0328 2940        sym_u3 - ok
16:37:51.0343 2940        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:37:51.0468 2940        sysaudio - ok
16:37:51.0500 2940        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
16:37:51.0625 2940        SysmonLog - ok
16:37:51.0656 2940        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
16:37:51.0796 2940        TapiSrv - ok
16:37:51.0843 2940        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:37:51.0906 2940        Tcpip - ok
16:37:51.0921 2940        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:37:52.0062 2940        TDPIPE - ok
16:37:52.0062 2940        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:37:52.0218 2940        TDTCP - ok
16:37:52.0234 2940        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:37:52.0375 2940        TermDD - ok
16:37:52.0406 2940        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
16:37:52.0546 2940        TermService - ok
16:37:52.0578 2940        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
16:37:52.0593 2940        Themes - ok
16:37:52.0609 2940        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
16:37:52.0750 2940        TlntSvr - ok
16:37:52.0781 2940        TosIde - ok
16:37:52.0796 2940        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
16:37:52.0921 2940        TrkWks - ok
16:37:52.0968 2940        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:37:53.0109 2940        Udfs - ok
16:37:53.0109 2940        ultra - ok
16:37:53.0140 2940        UMWdf          (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
16:37:53.0281 2940        UMWdf - ok
16:37:53.0343 2940        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:37:53.0531 2940        Update - ok
16:37:53.0578 2940        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
16:37:53.0750 2940        upnphost - ok
16:37:53.0765 2940        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
16:37:53.0890 2940        UPS - ok
16:37:53.0921 2940        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:37:54.0062 2940        usbccgp - ok
16:37:54.0140 2940        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:37:54.0265 2940        usbehci - ok
16:37:54.0296 2940        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:37:54.0453 2940        usbhub - ok
16:37:54.0484 2940        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:37:54.0625 2940        usbprint - ok
16:37:54.0640 2940        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:37:54.0781 2940        usbstor - ok
16:37:54.0812 2940        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:37:54.0937 2940        usbuhci - ok
16:37:54.0953 2940        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:37:55.0093 2940        VgaSave - ok
16:37:55.0109 2940        ViaIde - ok
16:37:55.0125 2940        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
16:37:55.0265 2940        VolSnap - ok
16:37:55.0296 2940        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
16:37:55.0453 2940        VSS - ok
16:37:55.0484 2940        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
16:37:55.0640 2940        W32Time - ok
16:37:55.0671 2940        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:37:55.0796 2940        Wanarp - ok
16:37:55.0812 2940        WDICA - ok
16:37:55.0828 2940        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:37:55.0953 2940        wdmaud - ok
16:37:56.0000 2940        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
16:37:56.0140 2940        WebClient - ok
16:37:56.0187 2940        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:37:56.0328 2940        winmgmt - ok
16:37:56.0406 2940        WmdmPmSN        (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\MsPMSNSv.dll
16:37:56.0421 2940        WmdmPmSN - ok
16:37:56.0484 2940        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
16:37:56.0546 2940        Wmi - ok
16:37:56.0578 2940        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:37:56.0718 2940        WmiApSrv - ok
16:37:56.0765 2940        WpdUsb          (bbaeaca1ffa3c86361cf0998474f6c3a) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:37:56.0781 2940        WpdUsb - ok
16:37:56.0812 2940        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:37:56.0953 2940        WS2IFSL - ok
16:37:56.0984 2940        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
16:37:57.0125 2940        wscsvc - ok
16:37:57.0171 2940        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:37:57.0312 2940        wuauserv - ok
16:37:57.0359 2940        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:37:57.0500 2940        WZCSVC - ok
16:37:57.0546 2940        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
16:37:57.0687 2940        xmlprov - ok
16:37:57.0718 2940        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
16:37:58.0015 2940        \Device\Harddisk0\DR0 - ok
16:37:58.0015 2940        Boot (0x1200)  (2aaf8028c97de81c932314d032565c66) \Device\Harddisk0\DR0\Partition0
16:37:58.0015 2940        \Device\Harddisk0\DR0\Partition0 - ok
16:37:58.0046 2940        Boot (0x1200)  (f32f02e405acd54e59b1ca0c79cbeaeb) \Device\Harddisk0\DR0\Partition1
16:37:58.0046 2940        \Device\Harddisk0\DR0\Partition1 - ok
16:37:58.0046 2940        ============================================================
16:37:58.0046 2940        Scan finished
16:37:58.0046 2940        ============================================================
16:37:58.0156 2928        Detected object count: 7
16:37:58.0156 2928        Actual detected object count: 7
16:38:18.0406 2928        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0406 2928        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0406 2928        ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0406 2928        ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928        cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928        cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928        ctdvda2k ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928        ctdvda2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928        MHN ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928        MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:22.0187 3616        Deinitialize success
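The seven detections at the end of this TDSSKiller log all carry the generic verdict UnsignedFile.Multi.Generic and were skipped by the user. As an added example (not part of the thread and not TDSSKiller's own code), here is a small Python reader for this log layout that reconciles the declared "Detected object count" with the detection lines, records which action the user chose for each, and confirms that every inventoried object received an "- ok" status. The sample lines are constructed in the layout shown above; the regular expressions and field names are my assumptions about the format, derived only from the lines visible in the log.

```python
import re

# Constructed excerpt in the layout of the TDSSKiller log above (illustrative, not the poster's full log).
SAMPLE_LOG = r"""
16:37:57.0171 2940        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
16:37:57.0312 2940        wuauserv - ok
16:37:57.0359 2940        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
16:37:57.0500 2940        WZCSVC - ok
16:37:58.0046 2940        Scan finished
16:37:58.0156 2928        Detected object count: 3
16:37:58.0156 2928        Actual detected object count: 3
16:38:18.0406 2928        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0406 2928        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0406 2928        ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0406 2928        ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:18.0421 2928        MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:38:18.0421 2928        MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:38:22.0187 3616        Deinitialize success
"""

# Every line starts with a timestamp and a thread id; the field layouts below are assumptions from the log.
PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
RE_COUNT = re.compile(PREFIX + r"(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)\s*$")
RE_DETECTION = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<rest>.+?)\s*$")
RE_INVENTORY = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
RE_STATUS = re.compile(PREFIX + r"(?P<name>.+?) - (?P<status>.+?)\s*$")

GENERIC = "UnsignedFile.Multi.Generic"


def parse_tdss(text):
    """Split a TDSSKiller log into object inventory, per-object status, detections and summary counts."""
    inventory, status, detections, counts = {}, {}, {}, {}
    for line in text.splitlines():
        if m := RE_COUNT.match(line):
            counts[m["kind"]] = int(m["n"])
        elif m := RE_DETECTION.match(line):
            # The first line names the verdict, the second records the action the user selected.
            d = detections.setdefault(m["name"], {"verdict": m["verdict"], "action": None})
            if m["rest"].startswith("User select action:"):
                d["action"] = m["rest"].split(":", 1)[1].strip()
        elif m := RE_INVENTORY.match(line):
            inventory[m["name"]] = (m["md5"], m["path"])
        elif m := RE_STATUS.match(line):
            status[m["name"]] = m["status"]
    return {"inventory": inventory, "status": status, "detections": detections, "counts": counts}


def review(text):
    """Checks a helper would make before accepting a 'nothing serious here' reading of the log."""
    p = parse_tdss(text)
    dets = p["detections"]
    return {
        "rows": sorted((n, d["verdict"], d["action"]) for n, d in dets.items()),
        # The summary count should equal the number of distinct objects with a detection line.
        "count_matches": p["counts"].get("Detected") == len(dets),
        # Only the generic "unsigned file" verdict, i.e. no named rootkit/bootkit family.
        "all_generic_unsigned": bool(dets) and all(d["verdict"] == GENERIC for d in dets.values()),
        # Detections where the log never recorded a user decision.
        "unsigned_without_action": sorted(n for n, d in dets.items() if d["action"] is None),
        # Every hashed object in the inventory should have an explicit "- ok" line.
        "inventory_all_ok": all(p["status"].get(n) == "ok" for n in p["inventory"]),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The value of the reconciliation is in catching logs that were truncated while copying into a post: a count that does not match the detection lines, or an object that never got its status line, tells the helper to ask for the full file before drawing conclusions.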


cosinus 20.04.2012 19:13

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a Kompetenzler (a board helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

thaumaturgis 22.04.2012 16:01

Hi,

I have run ComboFix. Here is the result:

Regards!

Code:

ComboFix 12-04-22.01 - T**** 22.04.2012  16:38:05.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1218 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\T****\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\R119714.EXE
c:\windows\IsUn0407.exe
c:\windows\setupapi.log
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051                  .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051                  .MRK
.
c:\windows\system32\drivers\i8042prt.sys fehlte
Kopie von - c:\windows\ServicePackFiles\i386\i8042prt.sys wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-22 bis 2012-04-22  ))))))))))))))))))))))))))))))
.
.
2012-04-22 14:41 . 2008-04-14 01:55        52992        -c--a-w-        c:\windows\system32\dllcache\i8042prt.sys
2012-04-22 14:41 . 2008-04-14 01:55        52992        ----a-w-        c:\windows\system32\drivers\i8042prt.sys
2012-04-20 14:33 . 2012-04-20 14:33        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-04-19 15:44 . 2012-04-19 15:44        2072112        ----a-w-        c:\programme\tdsskiller.exe
2012-04-13 12:23 . 2012-04-13 12:23        --------        d-----w-        c:\programme\ESET
2012-04-13 11:08 . 2012-04-13 11:08        --------        d-----w-        c:\dokumente und einstellungen\T****\Anwendungsdaten\Malwarebytes
2012-04-13 11:07 . 2012-04-13 11:07        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-04-13 11:07 . 2012-04-13 11:07        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-04-13 11:07 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-12 21:58 . 2012-04-12 21:58        --------        d-----w-        C:\_OTL
2012-04-12 16:21 . 2012-04-12 16:21        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-04-04 05:53 . 2012-04-04 05:53        182160        ----a-w-        c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53        182160        ----a-w-        c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 16:27 . 2012-04-12 16:27        310120        ----a-w-        C:\_OTL.zip
2012-03-01 01:15 . 2006-03-04 03:34        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-03-01 01:15 . 2004-08-10 12:00        1830912        ------w-        c:\windows\system32\inetcpl.cpl
2012-03-01 01:15 . 2004-08-10 12:00        78336        ----a-w-        c:\windows\system32\ieencode.dll
2012-03-01 01:15 . 2004-08-10 12:00        17408        ------w-        c:\windows\system32\corpol.dll
2012-02-29 14:09 . 2004-08-10 12:00        177664        ----a-w-        c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-10 12:00        148480        ----a-w-        c:\windows\system32\imagehlp.dll
2012-02-07 09:02 . 2012-02-07 09:02        1070352        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:57 . 2004-08-10 12:00        1860224        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-09-18 282624]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
NETGEAR WG111v2 Smart Wizard.lnk - c:\programme\NETGEAR\WG111v2\WG111v2.exe [2006-7-30 1101824]
NkbMonitor.exe.lnk - c:\programme\Nikon\PictureProject\NkbMonitor.exe [2011-9-18 118784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21.01.2011 19:49 64288]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.01.2011 18:11 136360]
R2 Gupta SQLBase Advoware;Gupta SQLBase Advoware;c:\advoweb\Advoware\Server\dbntsrv.exe "SERVICE=Gupta SQLBase Advoware" "INI=c:\advoweb\Advoware\Server\sqlsrv.ini" --> c:\advoweb\Advoware\Server\dbntsrv.exe SERVICE=Gupta SQLBase Advoware [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [03.12.2010 11:05 2152152]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.04.2012 13:07 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.04.2012 13:07 22344]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27.03.2006 18:53 167808]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [21.01.2011 19:42 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.01.2011 19:42 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\Lavasoft\Ad-Aware\kernexplorer.sys [03.12.2010 11:05 15232]
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 07:40]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-01-21 17:42]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-01-21 17:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ksta.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\dokumente und einstellungen\T****\Anwendungsdaten\Mozilla\Firefox\Profiles\dt55zfvp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-22 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\advoweb\Advoware\Server\dbntsrv.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-22  16:51:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-22 14:51
.
Vor Suchlauf: 2.735.775.744 Bytes frei
Nach Suchlauf: 3.080.953.856 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 53AAC44AF0791DA311C16E53A616182A
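The ComboFix report above lists the Run-key autostart values, the firewall's authorized-applications list and the service entries (in ComboFix's convention R marks a running and S a stopped service, the digit being the start type). As an added example, not from the thread and not ComboFix's own code, the following Python parser turns those three sections into records and attaches review prompts of the kind a helper reads the report for: a Run value whose image is an unqualified file name (as with "stsystra.exe" above) is resolved through the search order, so the reviewer should confirm which file actually runs; an image outside the usual program directories, or a service line ComboFix tagged [?] rather than with a date and size, gets a note to check the file on disk. The sample lines are constructed from the layout above; the "standard directory" list and the reading of [?] as "no date/size recorded" are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the ComboFix log above (illustrative, not the poster's full log).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
.
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.04.2012 13:07 654408]
R2 Gupta SQLBase Advoware;Gupta SQLBase Advoware;c:\advoweb\Advoware\Server\dbntsrv.exe "SERVICE=Gupta SQLBase Advoware" --> c:\advoweb\Advoware\Server\dbntsrv.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.01.2011 19:42 136176]
"""


@dataclass
class Entry:
    kind: str                  # "run", "firewall" or "service"
    key: str                   # registry key, or the ComboFix start code (R2, S3, ...) for services
    name: str
    path: str                  # executable image as recorded (firewall paths are unescaped)
    meta: str = ""             # text inside the trailing [...] (date and size), "" if absent
    notes: list = field(default_factory=list)


# Line layouts are assumptions derived from the report above.
RE_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RE_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')
RE_FWAPP = re.compile(r'^"(?P<path>[^"]+)"=$')
RE_SERVICE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*) \[(?P<meta>[^\]]*)\]$")

# Where autostart images are normally expected on a German XP install (assumption, extend as needed).
STANDARD_DIRS = ("c:\\windows\\", "c:\\programme\\", "c:\\program files\\", "%windir%\\", "%systemroot%\\")
QUALIFIED = re.compile(r"^(?:[a-z]:\\|%[^%]+%\\|\\\\)", re.I)   # drive, env var or UNC prefix


def image_path(cmd):
    """Executable image of a service command line: text after '-->' if present, up to .exe/.sys/.dll."""
    tail = cmd.rsplit(" --> ", 1)[-1]
    m = re.match(r"(.*?\.(?:exe|sys|dll))", tail, re.I)
    return (m.group(1) if m else tail).strip()


def annotate(entry):
    """Attach review prompts; these are questions for a human reviewer, not verdicts."""
    if not QUALIFIED.match(entry.path):
        entry.notes.append("unqualified path: resolved through the search order, confirm which file actually runs")
    elif not entry.path.lower().startswith(STANDARD_DIRS):
        entry.notes.append("image outside the standard program directories: confirm vendor and purpose")
    if entry.kind == "service" and entry.meta == "?":
        entry.notes.append("ComboFix recorded no date/size for the image: check the file on disk")
    return entry


def parse_combofix(text):
    """Turn the Run-key, firewall list and service lines of a ComboFix report into Entry records."""
    entries, key = [], None
    for line in text.splitlines():
        if m := RE_KEY.match(line):
            key = m["key"]
        elif line.strip() == ".":          # ComboFix separates blocks with a lone dot
            key = None
        elif key and (m := RE_VALUE.match(line)):
            entries.append(annotate(Entry("run", key, m["name"], m["path"], m["meta"] or "")))
        elif key and (m := RE_FWAPP.match(line)):
            # The firewall list doubles every backslash; undo that so the path can be compared.
            entries.append(annotate(Entry("firewall", key, m["path"], m["path"].replace("\\\\", "\\"))))
        elif m := RE_SERVICE.match(line):
            entries.append(annotate(Entry("service", m["start"], m["name"], image_path(m["cmd"]), m["meta"])))
    return entries


def flagged(text):
    """Map entry name -> review notes for everything a reviewer should look at."""
    return {e.name: e.notes for e in parse_combofix(text) if e.notes}


def services(text):
    """(state, start code, name, image) per service line; R = running, S = stopped."""
    return [("running" if e.key[0] == "R" else "stopped", e.key, e.name, e.path)
            for e in parse_combofix(text) if e.kind == "service"]


if __name__ == "__main__":
    for name, notes in flagged(SAMPLE).items():
        print(name, "->", "; ".join(notes))
    for row in services(SAMPLE):
        print(*row)
```

On the sample the two prompts land on "SigmatelSysTrayApp" (bare file name) and the "Gupta SQLBase Advoware" service (non-standard directory and a [?] tag); both are ordinary vendor software in this thread, which is exactly why the output is framed as questions to check rather than detections.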




Copyright ©2000-2025, Trojaner-Board

