Trojaner-Board - Verschlüsselungs-Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Verschlüsselungs-Trojaner - nix geht mehr! (https://www.trojaner-board.de/115581-verschluesselungs-trojaner-nix-geht-mehr.html)

Verschlüsselungs-Trojaner - nix geht mehr!

Hallo Zusammen, finde es super, dass ihr so toll unterstützt!!!!!

Der PC meines Vaters wurde befallen, er hat eine Mail bekommen, er hätte angeblich was für 780 Euro bestellt und er hat den Anhang geöffnet, boom ging nix mehr...

Wenn der PC hochfährt, dauert es wenige Sekunden bevor der gleiche Bildschirm des Trojaners erscheint und nix geht mehr...
Auf dem PC sind aber 2 User, das von meinem Vater funktioniert nicht mehr (infiziert), das von meine Bruder aber geht...und da erscheint kein Trojaner. Wenn ich beim 2ten User die Virussoftware laufen lasse, findet die aber nichts...
Abgesicherter Modus geht auch nicht...

Ich habe mir eure Anleitungen durchgelesen und hänge anbei mein Log.

Ich hoffe ihr könnt weiterhelfen, mein Vater hat schon einen halben Herzinfarkt bekommen, er lässt sich noch nicht überzeugen, dass er keine 780 Euro zahlen muss...!! :stirn:

:dankeschoen:

PS: Konnte eben den mbam malware check über den 2ten User laufen lassen, 8 infizierte Dateien gefunden und gelöscht. Ich komme jetzt auch wieder über den User meines Vaters in den PC. Werde gleich mal nochmal den mbam laufen lassen. Anbei der Log. Sind alle User jetzt sauber?

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

So, endlich hatte ich die Zeit den PC meines Vaters nochmal unter die Lupe zu nehmen. Habe wie von Dir vorgeschlagen den malwarebyte VOLLScan nochmal durchgeführt. Der hat auch was gefunden, hier der LOG:

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Database version: v2012.05.23.04
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Besitzer :: MANCINI-QQHXFDO [administrator]
 

23.05.2012 14:45:34

mbam-log-2012-05-23 (14-45-34).txt
 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236281

Time elapsed: 2 hour(s), 38 minute(s), 15 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 1 -> Quarantined and deleted successfully.
 

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 1

E:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

(end)

Dann habe ich den ESET durchgeführt, da hat er auch was gefunden, habe aber den Haken bei "Remove..." wie von dir gesagt NICHT gesetzt. Muss ich die dann auch noch löschen? Hier ist der ESET Log:

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f852ec419ecdbc49beb9e588e1d4bfa8

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-25 04:12:09

# local_time=2012-05-25 06:12:09 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1792 16777195 100 0 128746293 128746293 0 0

# compatibility_mode=8192 67108863 100 0 170417 170417 0 0

# compatibility_mode=9217 16777214 75 66 22552289 39919345 0 0

# scanned=42225

# found=2

# cleaned=0

# scan_time=3689

C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\Rechnung 2012.zip        a variant of Win32/Injector.RQR trojan (unable to clean)        00000000000000000000000000000000        I

C:\WINDOWS\system32\memw.exe        a variant of Win32/Kryptik.AFKT trojan (unable to clean)        00000000000000000000000000000000        I

Ich habe jetzt keinen Plan wie ich weiter vorgehen soll. Das ist so das größte was ich je an Virenbekämpfung vollbracht hab in der Richtung *aufeigeneschulterklopf* ;-)

Ich hoffe, dass ich das irgendwie hinkriege. Die Dateien sind ja auch noch alle verschlüsselt. Wann kann ich den Decrypter laufen lassen? (das mit den Beispieldateien in der Anleitung habe ich nicht ganz verstanden...)

DANKE SCHONMAL!!!!!!

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hallo,
ja der Windows Modus funktioniert wieder uneingeschränkt.
Es fehlen auf den ersten Blick auch keine Sachen im Startmenu und unter alle Programme sind keine Leeren Ordner...
Die Dateien sind halt alle verschlüsselt...Wat nu? :wtf:

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL.txt

Code:

OTL logfile created on: 30.05.2012 16:36:28 - Run 1

OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

510,48 Mb Total Physical Memory | 336,73 Mb Available Physical Memory | 65,96% Memory free

1,22 Gb Paging File | 0,91 Gb Available in Paging File | 74,62% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 37,26 Gb Total Space | 25,30 Gb Free Space | 67,91% Space Free | Partition Type: NTFS

 

Computer Name: MANCINI-QQHXFDO | User Name: Besitzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.30 16:34:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\OTL.exe

PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe

PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

PRC - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

PRC - [2008.02.12 10:06:47 | 000,262,401 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe

PRC - [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE

PRC - [2007.05.18 18:36:44 | 000,794,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe

PRC - [2003.05.16 08:14:26 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2008.01.22 19:28:02 | 000,339,968 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll

MOD - [2007.08.24 17:38:08 | 000,077,312 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\unacev2.dll

MOD - [2006.10.26 22:30:12 | 000,131,072 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll

MOD - [2005.07.20 04:53:04 | 000,966,765 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\acAuth.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.05.30 16:15:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)

SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)

SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)

SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)

SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)

SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)

SRV - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)

SRV - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV - [2010.05.13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)

DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)

DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)

DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)

DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)

DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007.05.21 09:29:26 | 000,235,648 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)

DRV - [2001.08.18 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

DRV - [2001.08.18 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)

DRV - [2001.08.18 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)

DRV - [2001.08.17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.03.10 18:34:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.30 16:18:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.30 16:34:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.22 12:42:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

 

[2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions

[2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.05.23 16:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\extensions

[2012.02.02 12:08:55 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG

[2012.02.02 12:08:55 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn

[2012.02.02 12:08:55 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV

[2012.02.02 12:08:55 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu

[2012.02.02 12:08:55 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy

[2012.05.30 16:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)

O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [04FE9CEF] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol\8378A3F104FE9CEFA3D0.exe File not found

O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK USB Wireless LAN Utility.lnk = C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)

O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\Lorenzo\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..Trusted Domains:   ([]msn in My Computer)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47DDCEC0-D548-4613-80BE-FC989B599B06}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.03.28 04:46:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell - "" = AutoRun

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun\command - "" = E:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

 

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.30 16:28:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe

[2012.05.30 16:26:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.05.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla

[2012.05.30 16:18:22 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service

[2012.05.23 17:50:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.05.23 17:49:55 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe

[2012.05.23 14:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012.05.23 14:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

[2012.05.22 14:31:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.05.22 14:31:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.05.22 14:31:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.05.22 14:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.05.21 17:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol

[2012.05.21 17:06:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.30 16:34:02 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk

[2012.05.30 16:22:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.05.30 16:18:25 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2012.05.30 16:13:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.05.30 16:13:41 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.30 15:59:21 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.05.23 17:50:16 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe

[2012.05.23 14:33:40 | 000,000,522 | ---- | M] () -- C:\hpfr3320.xml

[2012.05.22 14:31:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 16:55:00 | 000,114,176 | ---- | M] () -- C:\GgDtAevoxuTVEXg

[2012.05.21 16:55:00 | 000,000,521 | ---- | M] () -- C:\GoXgydreGqDuns

[2012.05.18 15:10:34 | 005,811,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\gsGXanErOVUlsjqvu

[2012.05.15 17:38:56 | 005,704,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\QqxQlsopuLUrafqDN

[2012.05.12 12:57:29 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323

[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322

[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321

[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320

[2012.05.11 19:08:17 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.05.11 19:08:17 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.05.11 19:08:17 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.05.11 19:08:17 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.05.11 19:02:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.05.07 11:31:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.30 16:34:02 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk

[2012.05.30 16:34:01 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk

[2012.05.30 16:15:41 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.05.23 14:33:39 | 000,000,522 | ---- | C] () -- C:\hpfr3320.xml

[2012.05.22 14:31:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320

[2012.02.19 11:39:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.11.28 12:31:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.05.07 14:33:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

 
 ========== LOP Check ==========

 

[2009.07.07 18:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON

[2008.04.26 14:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier

[2011.09.07 16:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint

[2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol

[2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org

[2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird

[2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower

[2011.09.09 17:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\CheckPoint

[2011.10.23 19:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\OpenOffice.org

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.04.30 13:48:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe

[2011.09.07 16:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint

[2008.04.09 15:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help

[2008.03.28 04:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities

[2008.04.15 13:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield

[2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol

[2009.01.13 18:00:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia

[2012.05.23 14:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

[2012.05.21 17:11:26 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft

[2009.07.28 06:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla

[2009.09.07 19:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\MSN6

[2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org

[2008.11.03 17:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun

[2008.10.25 16:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Talkback

[2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird

[2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2003.01.01 03:16:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2003.01.01 03:16:15 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2003.01.01 03:16:15 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 <           >
 

< End of report >

Und die Extras.txt

Code:

OTL Extras logfile created on: 30.05.2012 16:36:28 - Run 1

OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

510,48 Mb Total Physical Memory | 336,73 Mb Available Physical Memory | 65,96% Memory free

1,22 Gb Paging File | 0,91 Gb Available in Paging File | 74,62% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 37,26 Gb Total Space | 25,30 Gb Free Space | 67,91% Space Free | Partition Type: NTFS

 

Computer Name: MANCINI-QQHXFDO | User Name: Besitzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1E36941C-7A4D-4E08-8B4B-3B556C45C528}" = Watchtower Library 2010 - Italiano

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F672B967-BC29-4C4D-A16A-C71C0B9DC656}" = Watchtower Library 2011 - Italiano

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus

"EPSON Scanner" = EPSON Scan

"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall

"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch

"ESET Online Scanner" = ESET Online Scanner v3

"hp deskjet 3320 series" = hp deskjet 3320 series (nur entfernen)

"hp deskjet 3320 series_Driver" = hp deskjet 3320 series

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)

"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"ZoneAlarm" = ZoneAlarm

"ZoneAlarm Free" = ZoneAlarm Free

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 23.05.2012 08:38:28 | Computer Name = MANCINI-QQHXFDO | Source = MsiInstaller | ID = 1023

Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - Update "KB2518864"

 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in

 der Protokolldatei C:\WINDOWS\system32\config\SYSTEM~1\LOKALE~1\Temp\Microsoft 

.NET Framework 2.0-KB2518864_20120523_123759734-Msi0.txt enthalten.

 

Error - 23.05.2012 08:38:36 | Computer Name = MANCINI-QQHXFDO | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864,

 P2 1031, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 

1719.

 

Error - 23.05.2012 11:50:20 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 23.05.2012 11:50:21 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 23.05.2012 11:56:21 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 23.05.2012 11:56:58 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 23.05.2012 11:57:16 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 25.05.2012 11:01:28 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 25.05.2012 11:01:51 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 25.05.2012 11:01:54 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ Application Events ]

Error - 23.05.2012 08:38:28 | Computer Name = MANCINI-QQHXFDO | Source = MsiInstaller | ID = 1023

Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - Update "KB2518864"

 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in

 der Protokolldatei C:\WINDOWS\system32\config\SYSTEM~1\LOKALE~1\Temp\Microsoft 

.NET Framework 2.0-KB2518864_20120523_123759734-Msi0.txt enthalten.

 

Error - 23.05.2012 08:38:36 | Computer Name = MANCINI-QQHXFDO | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864,

 P2 1031, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 

1719.

 

Error - 23.05.2012 11:50:20 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 23.05.2012 11:50:21 | Computer Name = MANCINI-QQHXFDO | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 23.05.2012 11:56:21 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 23.05.2012 11:56:58 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 23.05.2012 11:57:16 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 25.05.2012 11:01:28 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 25.05.2012 11:01:51 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 25.05.2012 11:01:54 | Computer Name = MANCINI-QQHXFDO | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung esetsmartinstaller_enu.exe, Version 1.0.0.6421,

 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 21.05.2012 11:31:23 | Computer Name = MANCINI-QQHXFDO | Source = DCOM | ID = 10010

Description = Der Server "{80EE4901-33A8-11D1-A213-0080C88593A5}" konnte innerhalb

 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

 

Error - 22.05.2012 08:02:54 | Computer Name = MANCINI-QQHXFDO | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 23.05.2012 11:44:28 | Computer Name = MANCINI-QQHXFDO | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

 

< End of report >

Zitat:

(Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten!
Mach danach bitte wieder ein neues OTL-Log wie o.g.

So, Zone Alarm deinstalliert, neue OTL:

Code:

OTL logfile created on: 01.06.2012 16:38:44 - Run 2

OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

510,48 Mb Total Physical Memory | 230,09 Mb Available Physical Memory | 45,07% Memory free

1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,82% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 37,26 Gb Total Space | 25,44 Gb Free Space | 68,27% Space Free | Partition Type: NTFS

 

Computer Name: MANCINI-QQHXFDO | User Name: Besitzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.30 16:34:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2008.09.30 17:57:54 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin

PRC - [2008.09.30 17:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

PRC - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

PRC - [2008.02.12 10:06:47 | 000,262,401 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe

PRC - [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE

PRC - [2007.05.18 18:36:44 | 000,794,624 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe

PRC - [2003.05.16 08:14:26 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2008.07.29 15:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll

MOD - [2008.01.22 19:28:02 | 000,339,968 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll

MOD - [2007.08.24 17:38:08 | 000,077,312 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\unacev2.dll

MOD - [2006.10.26 22:30:12 | 000,131,072 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\EnumDevLib.dll

MOD - [2005.07.20 04:53:04 | 000,966,765 | R--- | M] () -- C:\Programme\REALTEK USB Wireless LAN Driver and Utility\acAuth.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.05.30 16:15:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)

SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)

SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)

SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)

SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)

SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)

SRV - [2008.03.26 15:34:45 | 000,147,201 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)

SRV - [2008.03.07 12:00:05 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)

DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)

DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)

DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)

DRV - [2008.03.04 13:28:49 | 000,079,424 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2008.02.18 17:07:53 | 000,049,472 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)

DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007.05.21 09:29:26 | 000,235,648 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2007.02.27 15:24:55 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)

DRV - [2001.08.18 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

DRV - [2001.08.18 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)

DRV - [2001.08.18 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)

DRV - [2001.08.17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.30 16:18:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.30 16:34:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.01.22 12:42:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

 

[2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions

[2010.12.22 11:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.05.23 16:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\extensions

[2012.02.02 12:08:55 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG

[2012.02.02 12:08:55 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn

[2012.02.02 12:08:55 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV

[2012.02.02 12:08:55 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu

[2012.02.02 12:08:55 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy

[2012.05.30 16:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found

O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found

O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)

O4 - HKLM..\Run: [ISW] "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [04FE9CEF] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol\8378A3F104FE9CEFA3D0.exe File not found

O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK USB Wireless LAN Utility.lnk = C:\Programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)

O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\Lorenzo\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..Trusted Domains:   ([]msn in My Computer)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47DDCEC0-D548-4613-80BE-FC989B599B06}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.03.28 04:46:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell - "" = AutoRun

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun\command - "" = E:\pushinst.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

 

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.01 16:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2012.06.01 16:33:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data

[2012.05.30 16:28:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe

[2012.05.30 16:26:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.05.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla

[2012.05.30 16:18:22 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service

[2012.05.23 17:50:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.05.23 17:49:55 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe

[2012.05.23 14:45:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\PCHealth

[2012.05.23 14:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

[2012.05.22 14:31:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.05.22 14:31:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.05.22 14:31:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.05.22 14:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.05.21 17:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol

[2012.05.21 17:06:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.01 16:34:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.06.01 16:34:39 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.01 16:30:40 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2012.06.01 16:24:44 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.05.30 17:22:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.05.30 16:34:02 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk

[2012.05.30 16:18:25 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2012.05.23 17:50:16 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe

[2012.05.23 14:33:40 | 000,000,522 | ---- | M] () -- C:\hpfr3320.xml

[2012.05.22 14:31:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 16:55:00 | 000,114,176 | ---- | M] () -- C:\GgDtAevoxuTVEXg

[2012.05.21 16:55:00 | 000,000,521 | ---- | M] () -- C:\GoXgydreGqDuns

[2012.05.18 15:10:34 | 005,811,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\gsGXanErOVUlsjqvu

[2012.05.15 17:38:56 | 005,704,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\QqxQlsopuLUrafqDN

[2012.05.12 12:57:29 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323

[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322

[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321

[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320

[2012.05.11 19:08:17 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.05.11 19:08:17 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.05.11 19:08:17 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.05.11 19:08:17 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.05.11 19:02:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.05.07 11:31:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.01 16:30:40 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2012.05.30 16:34:02 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk

[2012.05.30 16:34:01 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk

[2012.05.30 16:15:41 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.05.23 14:33:39 | 000,000,522 | ---- | C] () -- C:\hpfr3320.xml

[2012.05.22 14:31:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321

[2012.05.21 17:08:04 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320

[2012.02.19 11:39:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.11.28 12:31:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011.05.07 14:33:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

 
 ========== LOP Check ==========

 

[2009.07.07 18:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON

[2008.04.26 14:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier

[2012.06.01 16:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint

[2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol

[2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org

[2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird

[2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower

[2011.09.09 17:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\CheckPoint

[2011.10.23 19:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lorenzo\Anwendungsdaten\OpenOffice.org

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.04.30 13:48:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe

[2012.06.01 16:28:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint

[2008.04.09 15:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Help

[2008.03.28 04:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities

[2008.04.15 13:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield

[2012.05.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol

[2009.01.13 18:00:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia

[2012.05.23 14:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

[2012.05.21 17:11:26 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft

[2009.07.28 06:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla

[2009.09.07 19:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\MSN6

[2008.11.03 17:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org

[2008.11.03 17:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun

[2008.10.25 16:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Talkback

[2010.12.22 11:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird

[2011.02.10 12:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Watchtower

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2008.10.27 19:24:29 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2001.08.18 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2003.01.01 03:16:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2003.01.01 03:16:15 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2003.01.01 03:16:15 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 

< End of report >

Wie geht es weiter? Der Eset Scan hatte ja was gefunden (Log oben), hab ich aber nicht gelöscht wie von Dir empfohlen, muss ich da noch was tun?
Was nun, kann ich die Dateien entschlüsseln? Wie genau?

Fragen über Fragen...ich DANKE nochmal vielmals im Voraus!!! :-)

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

[2012.02.02 12:08:55 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG

[2012.02.02 12:08:55 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn

[2012.02.02 12:08:55 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV

[2012.02.02 12:08:55 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu

[2012.02.02 12:08:55 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy

O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found

O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found

O3 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)

O4 - HKLM..\Run: [ISW] "C:\Programme\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003..\Run: [04FE9CEF] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol\8378A3F104FE9CEFA3D0.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.03.28 04:46:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell - "" = AutoRun

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\Shell\AutoRun\command - "" = E:\pushinst.exe

:Files

C:\WINDOWS\Internet Logs

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol

C:\GgDtAevoxuTVEXg

C:\GoXgydreGqDuns

C:\WINDOWS\System32\winsh32?

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

erledigt. Habe aber vergessen All Users anzuklicken, ist das schlimm?

Code:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.

C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll moved successfully.

HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\doTuoUOTUjlgjGJDG moved successfully.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\duTUoTgjUglxjDJLxvpfn moved successfully.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\jQQddaaAAOOxxDlnnJJV moved successfully.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\tnpNqVNesysuotu moved successfully.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\searchplugins\XxjDJLGJpfnpNqVNesy moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.

File C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.

File Sicherheit\prxtbZone.dll not found.

Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}\ not found.

File Sicherheit\prxtbZone.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\04FE9CEF deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1220945662-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d1dc533-a29f-11dd-acf7-00400c028909}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d1dc533-a29f-11dd-acf7-00400c028909}\ not found.

File E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5c43cbe-d760-11de-871b-e0f4ef53a70f}\ not found.

File E:\pushinst.exe not found.

========== FILES ==========

C:\WINDOWS\Internet Logs folder moved successfully.

C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Jjptgol folder moved successfully.

C:\GgDtAevoxuTVEXg moved successfully.

C:\GoXgydreGqDuns moved successfully.

C:\WINDOWS\System32\winsh320 moved successfully.

C:\WINDOWS\System32\winsh321 moved successfully.

C:\WINDOWS\System32\winsh322 moved successfully.

C:\WINDOWS\System32\winsh323 moved successfully.

C:\WINDOWS\System32\winsh324 moved successfully.

C:\WINDOWS\System32\winsh325 moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Besitzer

->Temp folder emptied: 207802097 bytes

->Temporary Internet Files folder emptied: 76447096 bytes

->Java cache emptied: 16 bytes

->FireFox cache emptied: 79811047 bytes

->Flash cache emptied: 45314 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 2204040 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Lorenzo

->Temp folder emptied: 130740055 bytes

->Temporary Internet Files folder emptied: 25395127 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 129700305 bytes

->Flash cache emptied: 2792 bytes

 

User: NetworkService

->Temp folder emptied: 2132440 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1138908 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 19934648 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 644,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Besitzer

->Flash cache emptied: 0 bytes

 

User: Default User

 

User: LocalService

 

User: Lorenzo

->Flash cache emptied: 0 bytes

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.44.0 log created on 06022012_202442
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

So, hier das TDSS LOG:

Code:

 

22:34:51.0125 1236        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

22:34:51.0453 1236        ============================================================

22:34:51.0453 1236        Current date / time: 2012/06/02 22:34:51.0453

22:34:51.0453 1236        SystemInfo:

22:34:51.0453 1236        

22:34:51.0453 1236        OS Version: 5.1.2600 ServicePack: 3.0

22:34:51.0453 1236        Product type: Workstation

22:34:51.0453 1236        ComputerName: MANCINI-QQHXFDO

22:34:51.0453 1236        UserName: Besitzer

22:34:51.0453 1236        Windows directory: C:\WINDOWS

22:34:51.0453 1236        System windows directory: C:\WINDOWS

22:34:51.0453 1236        Processor architecture: Intel x86

22:34:51.0453 1236        Number of processors: 1

22:34:51.0453 1236        Page size: 0x1000

22:34:51.0453 1236        Boot type: Normal boot

22:34:51.0453 1236        ============================================================

22:34:53.0718 1236        Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

22:34:53.0718 1236        Drive \Device\Harddisk1\DR2 - Size: 0x1E880000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:34:53.0734 1236        ============================================================

22:34:53.0734 1236        \Device\Harddisk0\DR0:

22:34:53.0734 1236        MBR partitions:

22:34:53.0734 1236        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1

22:34:53.0734 1236        \Device\Harddisk1\DR2:

22:34:53.0734 1236        MBR partitions:

22:34:53.0734 1236        ============================================================

22:34:54.0000 1236        C: <-> \Device\Harddisk0\DR0\Partition0

22:34:54.0062 1236        ============================================================

22:34:54.0062 1236        Initialize success

22:34:54.0062 1236        ============================================================

22:35:17.0484 2084        ============================================================

22:35:17.0484 2084        Scan started

22:35:17.0484 2084        Mode: Manual; SigCheck; TDLFS; 

22:35:17.0484 2084        ============================================================

22:35:17.0781 2084        Abiosdsk - ok

22:35:17.0812 2084        abp480n5 - ok

22:35:17.0906 2084        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:35:18.0859 2084        ACPI - ok

22:35:18.0906 2084        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:35:19.0171 2084        ACPIEC - ok

22:35:19.0343 2084        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

22:35:19.0406 2084        AdobeFlashPlayerUpdateSvc - ok

22:35:19.0421 2084        adpu160m - ok

22:35:19.0484 2084        AegisP          (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

22:35:19.0531 2084        AegisP ( UnsignedFile.Multi.Generic ) - warning

22:35:19.0531 2084        AegisP - detected UnsignedFile.Multi.Generic (1)

22:35:19.0625 2084        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

22:35:19.0671 2084        AFD - ok

22:35:19.0687 2084        Aha154x - ok

22:35:19.0718 2084        aic78u2 - ok

22:35:19.0750 2084        aic78xx - ok

22:35:19.0812 2084        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

22:35:20.0031 2084        Alerter - ok

22:35:20.0078 2084        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

22:35:20.0281 2084        ALG - ok

22:35:20.0296 2084        AliIde - ok

22:35:20.0375 2084        AmdK7           (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys

22:35:20.0562 2084        AmdK7 - ok

22:35:20.0609 2084        amsint - ok

22:35:20.0812 2084        AntiVirScheduler (1c51917c9b30530a781f438f6a4ac49f) C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

22:35:20.0828 2084        AntiVirScheduler ( UnsignedFile.Multi.Generic ) - warning

22:35:20.0828 2084        AntiVirScheduler - detected UnsignedFile.Multi.Generic (1)

22:35:20.0921 2084        AntiVirService  (980825559f7c70b565add5f5c71cfe8f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

22:35:20.0953 2084        AntiVirService ( UnsignedFile.Multi.Generic ) - warning

22:35:20.0953 2084        AntiVirService - detected UnsignedFile.Multi.Generic (1)

22:35:20.0984 2084        AppMgmt - ok

22:35:21.0015 2084        asc - ok

22:35:21.0046 2084        asc3350p - ok

22:35:21.0093 2084        asc3550 - ok

22:35:21.0312 2084        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

22:35:21.0421 2084        aspnet_state - ok

22:35:21.0468 2084        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:35:21.0687 2084        AsyncMac - ok

22:35:21.0750 2084        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:35:21.0921 2084        atapi - ok

22:35:21.0953 2084        Atdisk - ok

22:35:22.0000 2084        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:35:22.0187 2084        Atmarpc - ok

22:35:22.0250 2084        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

22:35:22.0421 2084        AudioSrv - ok

22:35:22.0500 2084        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:35:22.0718 2084        audstub - ok

22:35:22.0750 2084        avgio           (71a751d7f8b0219bcf827596fc5af318) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys

22:35:22.0750 2084        avgio - ok

22:35:22.0843 2084        avgntflt        (37f8550dcd2bb6a3c0d38b48559f0380) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

22:35:22.0843 2084        avgntflt - ok

22:35:22.0937 2084        avipbb          (f41752812e23bdbdcafec310c38ab3fa) C:\WINDOWS\system32\DRIVERS\avipbb.sys

22:35:22.0937 2084        avipbb - ok

22:35:23.0046 2084        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:35:23.0281 2084        Beep - ok

22:35:23.0390 2084        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

22:35:23.0765 2084        BITS - ok

22:35:23.0843 2084        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

22:35:24.0015 2084        Browser - ok

22:35:24.0046 2084        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:35:24.0296 2084        cbidf2k - ok

22:35:24.0312 2084        cd20xrnt - ok

22:35:24.0390 2084        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:35:24.0640 2084        Cdaudio - ok

22:35:24.0718 2084        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:35:24.0890 2084        Cdfs - ok

22:35:24.0937 2084        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:35:25.0109 2084        Cdrom - ok

22:35:25.0140 2084        Changer - ok

22:35:25.0203 2084        cisvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\System32\cisvc.exe

22:35:25.0390 2084        cisvc - ok

22:35:25.0437 2084        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

22:35:25.0609 2084        ClipSrv - ok

22:35:25.0703 2084        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:35:25.0812 2084        clr_optimization_v2.0.50727_32 - ok

22:35:25.0828 2084        CmdIde - ok

22:35:25.0859 2084        COMSysApp - ok

22:35:25.0906 2084        Cpqarray - ok

22:35:25.0984 2084        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

22:35:26.0156 2084        CryptSvc - ok

22:35:26.0171 2084        dac2w2k - ok

22:35:26.0203 2084        dac960nt - ok

22:35:26.0296 2084        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

22:35:26.0390 2084        DcomLaunch - ok

22:35:26.0484 2084        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

22:35:26.0687 2084        Dhcp - ok

22:35:26.0734 2084        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:35:26.0906 2084        Disk - ok

22:35:26.0937 2084        dmadmin - ok

22:35:27.0046 2084        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

22:35:27.0312 2084        dmboot - ok

22:35:27.0375 2084        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

22:35:27.0562 2084        dmio - ok

22:35:27.0640 2084        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:35:27.0890 2084        dmload - ok

22:35:27.0937 2084        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

22:35:28.0125 2084        dmserver - ok

22:35:28.0203 2084        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

22:35:28.0296 2084        Dnscache - ok

22:35:28.0375 2084        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

22:35:28.0562 2084        Dot3svc - ok

22:35:28.0593 2084        dpti2o - ok

22:35:28.0640 2084        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

22:35:28.0796 2084        EapHost - ok

22:35:28.0875 2084        EAPPkt          (d82414ec520453efe2eba936f6a9115a) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

22:35:28.0906 2084        EAPPkt ( UnsignedFile.Multi.Generic ) - warning

22:35:28.0906 2084        EAPPkt - detected UnsignedFile.Multi.Generic (1)

22:35:28.0968 2084        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

22:35:29.0140 2084        ERSvc - ok

22:35:29.0234 2084        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

22:35:29.0265 2084        Eventlog - ok

22:35:29.0375 2084        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll

22:35:29.0468 2084        EventSystem - ok

22:35:29.0546 2084        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:35:29.0718 2084        Fastfat - ok

22:35:29.0796 2084        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

22:35:29.0828 2084        FastUserSwitchingCompatibility - ok

22:35:29.0859 2084        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

22:35:30.0031 2084        Fdc - ok

22:35:30.0093 2084        FETNDIS         (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

22:35:30.0296 2084        FETNDIS - ok

22:35:30.0343 2084        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

22:35:30.0515 2084        Fips - ok

22:35:30.0578 2084        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:35:30.0765 2084        Flpydisk - ok

22:35:30.0796 2084        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

22:35:30.0968 2084        FltMgr - ok

22:35:31.0125 2084        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:35:31.0250 2084        FontCache3.0.0.0 - ok

22:35:31.0328 2084        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:35:31.0546 2084        Fs_Rec - ok

22:35:31.0593 2084        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:35:31.0828 2084        Ftdisk - ok

22:35:31.0906 2084        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:35:32.0062 2084        Gpc - ok

22:35:32.0312 2084        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:35:32.0484 2084        helpsvc - ok

22:35:32.0578 2084        HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll

22:35:32.0734 2084        HidServ - ok

22:35:32.0765 2084        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:35:32.0937 2084        hidusb - ok

22:35:33.0000 2084        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

22:35:33.0156 2084        hkmsvc - ok

22:35:33.0187 2084        hpn - ok

22:35:33.0203 2084        hpt3xx - ok

22:35:33.0296 2084        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:35:33.0328 2084        HTTP - ok

22:35:33.0406 2084        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

22:35:33.0578 2084        HTTPFilter - ok

22:35:33.0609 2084        i2omgmt - ok

22:35:33.0640 2084        i2omp - ok

22:35:33.0734 2084        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:35:33.0890 2084        i8042prt - ok

22:35:34.0093 2084        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:35:34.0343 2084        idsvc - ok

22:35:34.0406 2084        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:35:34.0593 2084        Imapi - ok

22:35:34.0703 2084        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe

22:35:34.0859 2084        ImapiService - ok

22:35:34.0906 2084        ini910u - ok

22:35:34.0968 2084        IntelIde - ok

22:35:35.0046 2084        ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

22:35:35.0234 2084        ip6fw - ok

22:35:35.0281 2084        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:35:35.0531 2084        IpFilterDriver - ok

22:35:35.0578 2084        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:35:35.0765 2084        IpInIp - ok

22:35:35.0812 2084        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:35:35.0968 2084        IpNat - ok

22:35:36.0031 2084        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:35:36.0203 2084        IPSec - ok

22:35:36.0265 2084        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:35:36.0437 2084        IRENUM - ok

22:35:36.0468 2084        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:35:36.0640 2084        isapnp - ok

22:35:36.0890 2084        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe

22:35:36.0906 2084        JavaQuickStarterService - ok

22:35:36.0937 2084        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:35:37.0109 2084        Kbdclass - ok

22:35:37.0171 2084        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:35:37.0343 2084        kbdhid - ok

22:35:37.0421 2084        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:35:37.0515 2084        KSecDD - ok

22:35:37.0593 2084        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

22:35:37.0625 2084        lanmanserver - ok

22:35:37.0718 2084        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

22:35:37.0765 2084        lanmanworkstation - ok

22:35:37.0796 2084        lbrtfdc - ok

22:35:37.0906 2084        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

22:35:38.0078 2084        LmHosts - ok

22:35:38.0359 2084        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

22:35:38.0531 2084        Messenger - ok

22:35:38.0593 2084        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:35:38.0796 2084        mnmdd - ok

22:35:38.0890 2084        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe

22:35:39.0062 2084        mnmsrvc - ok

22:35:39.0140 2084        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

22:35:39.0328 2084        Modem - ok

22:35:39.0375 2084        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:35:39.0531 2084        Mouclass - ok

22:35:39.0781 2084        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:35:39.0984 2084        mouhid - ok

22:35:40.0031 2084        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:35:40.0171 2084        MountMgr - ok

22:35:40.0281 2084        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe

22:35:40.0343 2084        MozillaMaintenance - ok

22:35:40.0359 2084        mraid35x - ok

22:35:40.0406 2084        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:35:40.0625 2084        MRxDAV - ok

22:35:40.0734 2084        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:35:40.0812 2084        MRxSmb - ok

22:35:40.0875 2084        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe

22:35:41.0046 2084        MSDTC - ok

22:35:41.0125 2084        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:35:41.0312 2084        Msfs - ok

22:35:41.0328 2084        MSIServer - ok

22:35:41.0375 2084        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:35:41.0500 2084        mssmbios - ok

22:35:41.0593 2084        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:35:41.0671 2084        Mup - ok

22:35:41.0765 2084        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

22:35:41.0953 2084        napagent - ok

22:35:42.0046 2084        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:35:42.0203 2084        NDIS - ok

22:35:42.0281 2084        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:35:42.0312 2084        NdisTapi - ok

22:35:42.0343 2084        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:35:42.0500 2084        Ndisuio - ok

22:35:42.0531 2084        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:35:42.0687 2084        NdisWan - ok

22:35:42.0765 2084        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:35:42.0859 2084        NDProxy - ok

22:35:42.0937 2084        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:35:43.0109 2084        NetBIOS - ok

22:35:43.0156 2084        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:35:43.0328 2084        NetBT - ok

22:35:43.0421 2084        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

22:35:43.0593 2084        NetDDE - ok

22:35:43.0625 2084        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

22:35:43.0781 2084        NetDDEdsdm - ok

22:35:43.0843 2084        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe

22:35:43.0984 2084        Netlogon - ok

22:35:44.0062 2084        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

22:35:44.0234 2084        Netman - ok

22:35:44.0421 2084        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:35:44.0453 2084        NetTcpPortSharing - ok

22:35:44.0562 2084        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

22:35:44.0593 2084        Nla - ok

22:35:44.0656 2084        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:35:44.0828 2084        Npfs - ok

22:35:44.0890 2084        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:35:45.0171 2084        Ntfs - ok

22:35:45.0187 2084        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe

22:35:45.0359 2084        NtLmSsp - ok

22:35:45.0468 2084        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

22:35:45.0781 2084        NtmsSvc - ok

22:35:45.0859 2084        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:35:46.0093 2084        Null - ok

22:35:46.0328 2084        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

22:35:46.0671 2084        nv - ok

22:35:46.0968 2084        nv4             (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys

22:35:47.0281 2084        nv4 - ok

22:35:47.0343 2084        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:35:47.0625 2084        NwlnkFlt - ok

22:35:47.0656 2084        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:35:47.0906 2084        NwlnkFwd - ok

22:35:48.0015 2084        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

22:35:48.0171 2084        Parport - ok

22:35:48.0203 2084        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:35:48.0375 2084        PartMgr - ok

22:35:48.0437 2084        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

22:35:48.0671 2084        ParVdm - ok

22:35:48.0718 2084        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

22:35:48.0843 2084        PCI - ok

22:35:48.0890 2084        PCIDump - ok

22:35:48.0921 2084        PCIIde - ok

22:35:49.0031 2084        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:35:49.0187 2084        Pcmcia - ok

22:35:49.0218 2084        PDCOMP - ok

22:35:49.0250 2084        PDFRAME - ok

22:35:49.0281 2084        PDRELI - ok

22:35:49.0296 2084        PDRFRAME - ok

22:35:49.0328 2084        perc2 - ok

22:35:49.0375 2084        perc2hib - ok

22:35:49.0515 2084        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

22:35:49.0546 2084        PlugPlay - ok

22:35:49.0625 2084        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe

22:35:49.0765 2084        PolicyAgent - ok

22:35:49.0843 2084        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:35:50.0000 2084        PptpMiniport - ok

22:35:50.0046 2084        Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys

22:35:50.0234 2084        Processor - ok

22:35:50.0265 2084        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

22:35:50.0406 2084        ProtectedStorage - ok

22:35:50.0437 2084        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:35:50.0593 2084        PSched - ok

22:35:50.0671 2084        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:35:50.0906 2084        Ptilink - ok

22:35:50.0937 2084        ql1080 - ok

22:35:50.0968 2084        Ql10wnt - ok

22:35:50.0984 2084        ql12160 - ok

22:35:51.0015 2084        ql1240 - ok

22:35:51.0046 2084        ql1280 - ok

22:35:51.0093 2084        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:35:51.0328 2084        RasAcd - ok

22:35:51.0421 2084        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

22:35:51.0562 2084        RasAuto - ok

22:35:51.0593 2084        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:35:51.0765 2084        Rasl2tp - ok

22:35:51.0859 2084        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

22:35:52.0031 2084        RasMan - ok

22:35:52.0078 2084        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:35:52.0234 2084        RasPppoe - ok

22:35:52.0265 2084        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:35:52.0500 2084        Raspti - ok

22:35:52.0546 2084        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:35:52.0718 2084        Rdbss - ok

22:35:52.0750 2084        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:35:52.0984 2084        RDPCDD - ok

22:35:53.0078 2084        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

22:35:53.0109 2084        RDPWD - ok

22:35:53.0218 2084        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

22:35:53.0359 2084        RDSessMgr - ok

22:35:53.0421 2084        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:35:53.0578 2084        redbook - ok

22:35:53.0625 2084        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

22:35:53.0796 2084        RemoteAccess - ok

22:35:53.0859 2084        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe

22:35:54.0031 2084        RpcLocator - ok

22:35:54.0140 2084        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

22:35:54.0187 2084        RpcSs - ok

22:35:54.0265 2084        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe

22:35:54.0484 2084        RSVP - ok

22:35:54.0593 2084        RTLWUSB         (0b3b199ab00cfa82747d0892c027c077) C:\WINDOWS\system32\DRIVERS\RTL8187.sys

22:35:54.0687 2084        RTLWUSB - ok

22:35:54.0750 2084        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

22:35:54.0875 2084        SamSs - ok

22:35:54.0953 2084        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

22:35:55.0140 2084        SCardSvr - ok

22:35:55.0234 2084        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

22:35:55.0390 2084        Schedule - ok

22:35:55.0468 2084        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:35:55.0609 2084        Secdrv - ok

22:35:55.0671 2084        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

22:35:55.0843 2084        seclogon - ok

22:35:55.0875 2084        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

22:35:56.0031 2084        SENS - ok

22:35:56.0093 2084        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

22:35:56.0250 2084        serenum - ok

22:35:56.0281 2084        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

22:35:56.0421 2084        Serial - ok

22:35:56.0531 2084        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:35:56.0687 2084        Sfloppy - ok

22:35:56.0796 2084        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

22:35:57.0125 2084        SharedAccess - ok

22:35:57.0218 2084        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

22:35:57.0250 2084        ShellHWDetection - ok

22:35:57.0265 2084        Simbad - ok

22:35:57.0296 2084        Sparrow - ok

22:35:57.0390 2084        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

22:35:57.0468 2084        Spooler - ok

22:35:57.0515 2084        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

22:35:57.0671 2084        sr - ok

22:35:57.0750 2084        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll

22:35:57.0921 2084        srservice - ok

22:35:58.0046 2084        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:35:58.0218 2084        Srv - ok

22:35:58.0296 2084        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

22:35:58.0453 2084        SSDPSRV - ok

22:35:58.0531 2084        ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

22:35:58.0546 2084        ssmdrv ( UnsignedFile.Multi.Generic ) - warning

22:35:58.0546 2084        ssmdrv - detected UnsignedFile.Multi.Generic (1)

22:35:58.0640 2084        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

22:35:58.0890 2084        stisvc - ok

22:35:58.0968 2084        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:35:59.0125 2084        swenum - ok

22:35:59.0140 2084        SwPrv - ok

22:35:59.0187 2084        symc810 - ok

22:35:59.0203 2084        symc8xx - ok

22:35:59.0234 2084        sym_hi - ok

22:35:59.0265 2084        sym_u3 - ok

22:35:59.0375 2084        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

22:35:59.0515 2084        SysmonLog - ok

22:35:59.0609 2084        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

22:35:59.0781 2084        TapiSrv - ok

22:35:59.0906 2084        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:36:00.0031 2084        Tcpip - ok

22:36:00.0109 2084        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:36:00.0265 2084        TDPIPE - ok

22:36:00.0312 2084        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:36:00.0468 2084        TDTCP - ok

22:36:00.0484 2084        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:36:00.0625 2084        TermDD - ok

22:36:00.0703 2084        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

22:36:00.0906 2084        TermService - ok

22:36:01.0031 2084        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

22:36:01.0046 2084        Themes - ok

22:36:01.0078 2084        TosIde - ok

22:36:01.0406 2084        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

22:36:01.0546 2084        TrkWks - ok

22:36:01.0671 2084        uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

22:36:01.0828 2084        uagp35 - ok

22:36:01.0937 2084        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:36:02.0078 2084        Udfs - ok

22:36:02.0109 2084        ultra - ok

22:36:02.0203 2084        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:36:02.0390 2084        Update - ok

22:36:02.0468 2084        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

22:36:02.0640 2084        upnphost - ok

22:36:02.0671 2084        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

22:36:02.0828 2084        UPS - ok

22:36:02.0906 2084        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:36:03.0062 2084        usbccgp - ok

22:36:03.0109 2084        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:36:03.0265 2084        usbhub - ok

22:36:03.0343 2084        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:36:03.0500 2084        usbprint - ok

22:36:03.0578 2084        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:36:03.0734 2084        usbscan - ok

22:36:03.0812 2084        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:36:03.0968 2084        USBSTOR - ok

22:36:04.0015 2084        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:36:04.0156 2084        usbuhci - ok

22:36:04.0187 2084        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:36:04.0328 2084        VgaSave - ok

22:36:04.0359 2084        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

22:36:04.0515 2084        ViaIde - ok

22:36:04.0546 2084        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

22:36:04.0703 2084        VolSnap - ok

22:36:04.0796 2084        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

22:36:04.0953 2084        VSS - ok

22:36:05.0000 2084        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll

22:36:05.0140 2084        W32Time - ok

22:36:05.0234 2084        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:36:05.0406 2084        Wanarp - ok

22:36:05.0421 2084        WDICA - ok

22:36:05.0515 2084        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

22:36:05.0656 2084        WebClient - ok

22:36:06.0015 2084        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

22:36:06.0156 2084        winmgmt - ok

22:36:06.0281 2084        WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll

22:36:06.0437 2084        WmdmPmSN - ok

22:36:06.0546 2084        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe

22:36:06.0687 2084        WmiApSrv - ok

22:36:06.0765 2084        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

22:36:06.0921 2084        wscsvc - ok

22:36:06.0937 2084        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

22:36:07.0125 2084        wuauserv - ok

22:36:07.0218 2084        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

22:36:07.0421 2084        WZCSVC - ok

22:36:07.0500 2084        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

22:36:07.0640 2084        xmlprov - ok

22:36:07.0734 2084        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

22:36:08.0359 2084        \Device\Harddisk0\DR0 - ok

22:36:08.0421 2084        MBR (0x1B8)     (7ca7e5712c1e22b4bc4171df4579ea07) \Device\Harddisk1\DR2

22:36:42.0578 2084        \Device\Harddisk1\DR2 - ok

22:36:42.0625 2084        Boot (0x1200)   (28923f1eed9b1c1e8bc4d279573162c1) \Device\Harddisk0\DR0\Partition0

22:36:42.0625 2084        \Device\Harddisk0\DR0\Partition0 - ok

22:36:42.0640 2084        ============================================================

22:36:42.0640 2084        Scan finished

22:36:42.0640 2084        ============================================================

22:36:42.0781 2076        Detected object count: 5

22:36:42.0781 2076        Actual detected object count: 5

22:37:10.0468 2076        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:10.0468 2076        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:37:10.0468 2076        AntiVirScheduler ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:10.0468 2076        AntiVirScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:37:10.0484 2076        AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:10.0484 2076        AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:37:10.0484 2076        EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:10.0484 2076        EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 

22:37:10.0500 2076        ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user

22:37:10.0500 2076        ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Anbei der ComboFix Log:

Combofix Logfile:

Code:

ComboFix 12-06-03.01 - Besitzer 03.06.2012  20:36:31.1.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.510.307 [GMT 2:00]

ausgeführt von:: E:\ComboFix.exe

AV: Avira AntiVir PersonalEdition *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\EventSystem.log

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\drivers\etc\hosts.ics

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-03 bis 2012-06-03  ))))))))))))))))))))))))))))))

.

.

2012-06-03 18:29 . 2008-04-14 02:22        26624        ----a-w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2012-06-02 18:24 . 2012-06-02 18:24        --------        d-----w-        C:\_OTL

2012-05-30 14:18 . 2012-05-30 14:18        --------        d-----w-        c:\programme\Mozilla Maintenance Service

2012-05-30 14:18 . 2012-04-21 01:18        97208        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll

2012-05-30 14:18 . 2012-04-21 01:16        43960        ----a-w-        c:\programme\Mozilla Firefox\mozglue.dll

2012-05-30 14:18 . 2012-04-21 01:16        157352        ----a-w-        c:\programme\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-30 14:18 . 2012-04-21 01:16        129976        ----a-w-        c:\programme\Mozilla Firefox\maintenanceservice.exe

2012-05-30 14:18 . 2012-04-21 01:16        588728        ----a-w-        c:\programme\Mozilla Firefox\gkmedias.dll

2012-05-30 14:15 . 2012-05-30 14:15        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-05-23 15:50 . 2012-05-23 15:50        --------        d-----w-        c:\programme\ESET

2012-05-23 12:45 . 2012-05-23 12:45        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\PCHealth

2012-05-23 12:43 . 2012-05-23 12:43        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

2012-05-22 12:31 . 2012-05-22 12:31        --------        d-----w-        c:\dokumente und einstellungen\Lorenzo\Anwendungsdaten\Malwarebytes

2012-05-22 12:31 . 2012-05-22 12:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2012-05-22 12:31 . 2012-05-22 12:31        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2012-05-22 12:31 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-05-22 10:48 . 2012-05-22 10:48        --------        d-sh--w-        c:\windows\system32\config\systemprofile\IETldCache

2012-05-21 15:06 . 2012-05-21 15:06        --------        d--h--w-        c:\windows\PIF

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-30 14:15 . 2011-12-25 10:31        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:51 . 2001-08-18 04:28        2071424        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:51 . 2001-08-18 12:00        1862400        ----a-w-        c:\windows\system32\win32k.sys

2012-04-11 13:51 . 2001-08-18 12:00        2194944        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-04-21 01:18 . 2012-05-30 14:18        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[7] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll

.

c:\windows\System32\ksuser.dll ... Fehlt !!

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 188416]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\Lorenzo\Startmenü\Programme\Autostart\

OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

.

c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\

OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

REALTEK USB Wireless LAN Utility.lnk - c:\programme\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2008-4-15 794624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 257696]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-05-21 235648]

S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:15]

.

.

------- Zusätzlicher Suchlauf -------

.

FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5gkgetbt.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-ZoneAlarm - c:\programme\Zone Labs\ZoneAlarm\zauninst.exe

AddRemove-{F672B967-BC29-4C4D-A16A-C71C0B9DC656} - c:\programme\Watchtower\Watchtower Library 2011\I\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-06-03 20:45

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-03  20:50:44

ComboFix-quarantined-files.txt  2012-06-03 18:50

.

Vor Suchlauf: 8 Verzeichnis(se), 27.904.708.608 Bytes frei

Nach Suchlauf: 10 Verzeichnis(se), 28.145.242.112 Bytes frei

.

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - EE5D31C6E761FB3AF10A4655B47695A7

--- --- ---