Trojaner-Board (https://www.trojaner-board.de/) - Log Analysis and Evaluation
Windows encryption trojan (https://www.trojaner-board.de/116856-windows-verschluesselungs-trojaner.html)

cosinus 12.06.2012 15:25

Please make a new OTL log. Please post everything here in CODE tags where possible.

Done like this:

[code] the log goes here [/code]

And then it looks like this:

Code:

the log goes here
Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Misses 12.06.2012 16:11

OTL Logfile:
Code:

OTL logfile created on: 12.06.2012 16:50:06 - Run 1
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Dokumente und Einstellungen\Dracon\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 73,55% Memory free
4,59 Gb Paging File | 3,92 Gb Available in Paging File | 85,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 20,51 Gb Total Space | 0,40 Gb Free Space | 1,95% Space Free | Partition Type: NTFS
Drive D: | 53,99 Gb Total Space | 25,27 Gb Free Space | 46,81% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 215,86 Gb Free Space | 23,17% Space Free | Partition Type: NTFS
 
Computer Name: DRAC0N | User Name: Dracon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.12 16:46:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Dracon\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.21 16:12:58 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.11.21 16:11:58 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.06.08 23:19:09 | 000,498,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDRSS.exe
PRC - [2011.06.08 23:19:08 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDClock.exe
PRC - [2011.06.08 23:19:08 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDCountdown.exe
PRC - [2011.06.08 23:19:08 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
PRC - [2011.06.08 23:19:08 | 000,477,768 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDPop3.exe
PRC - [2010.11.16 13:08:38 | 000,094,280 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\LCore.exe
PRC - [2010.11.11 13:44:00 | 000,594,200 | ---- | M] (Greatis Software) -- C:\Programme\UnHackMe\hackmon.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
PRC - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.06 11:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.22 15:30:04 | 000,684,032 | ---- | M] (Sonix) -- C:\WINDOWS\vspc1030.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2006.09.24 09:43:42 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.06.01 13:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.12.14 19:51:34 | 000,217,088 | ---- | M] (Labtec Inc.) -- C:\Programme\Logitech\Video\LogiTray.exe
PRC - [2004.12.14 19:34:18 | 000,192,512 | ---- | M] (Labtec Inc.) -- C:\Programme\Logitech\Video\FxSvr2.exe
PRC - [2004.12.14 19:19:44 | 000,221,184 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.08 23:19:14 | 000,336,384 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\MainUI-1.00.148\MainUI.dll
MOD - [2011.06.08 23:19:13 | 000,052,224 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\SimInput-1.00.020\SimInput.dll
MOD - [2011.06.08 23:19:06 | 000,129,024 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\G19Device-1.00.072\G19Device.dll
MOD - [2011.06.08 23:19:06 | 000,111,616 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\G13Device-1.00.077\G13Device.dll
MOD - [2011.06.08 23:19:06 | 000,079,360 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\DevBusBulk-1.00.039\DevBusBulk.dll
MOD - [2011.06.08 23:19:05 | 000,079,360 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\DevBusHid-1.00.036\DevBusHid.dll
MOD - [2011.06.08 23:19:05 | 000,068,608 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\DevMgr-1.00.024\DevMgr.dll
MOD - [2011.06.08 23:19:05 | 000,026,112 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\PnpGamePanelDevices-1.00.008\PnpGamePanelDevices.dll
MOD - [2011.06.08 23:19:05 | 000,008,704 | ---- | M] () -- C:\Programme\Logitech Gaming Software\plugins\DevBusFake-1.00.006\DevBusFake.dll
MOD - [2010.08.16 00:08:44 | 000,094,208 | ---- | M] () -- G:\FileZilla FTP Client\fzshellext.dll
MOD - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe
MOD - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe
MOD - [2009.01.28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.05 17:21:44 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.04 15:16:46 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.28 00:30:00 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.25 05:12:04 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.21 16:11:58 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.11.21 16:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.06 11:11:20 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2006.09.24 09:43:42 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.05.10 11:59:04 | 000,353,912 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.08 23:19:13 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2011.06.08 23:19:13 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2011.02.23 10:48:13 | 000,100,456 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010.12.09 22:15:39 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010.12.09 21:08:24 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010.04.13 17:53:40 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2009.12.17 11:31:42 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot)
DRV - [2009.12.08 02:31:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.05.31 01:17:40 | 000,138,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009.04.29 11:29:40 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.04.29 11:29:40 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.06.11 18:37:10 | 003,035,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spc1030.sys -- (SPC1030) USB2.0 PC Camera (SPC1030)
DRV - [2008.05.07 11:40:00 | 000,088,704 | R--- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2008.04.14 00:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008.01.03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.11.05 11:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.05.01 16:08:40 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0460.sys -- (SaiH0460)
DRV - [2006.12.21 21:05:22 | 001,294,336 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM108.sys -- (CM1083264)
DRV - [2006.11.15 15:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.05.10 10:59:04 | 000,052,224 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.05.10 10:39:38 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.05.10 10:20:28 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006.04.06 18:21:08 | 000,118,850 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw70bda.sys -- (HCW77BDA)
DRV - [2006.02.23 05:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2006.02.23 05:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2005.03.16 08:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004.10.11 19:22:02 | 000,211,712 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928)
DRV - [2004.10.11 19:18:58 | 000,022,016 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003.12.21 18:24:22 | 000,140,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xmasbus.sys -- (xmasbus)
DRV - [2003.12.20 21:03:42 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xmasscsi.sys -- (xmasscsi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=de&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKU\S-1-5-21-861567501-1965331169-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://navigator.web.de/navigator/show?sid=88da678de4c54db45ee56a8133139dedaf088842574fc6326bc2b80f0b94acd57b378ac5fc2917b5ca9796b1eb4561b6#home|https://return2.space/index.php|hxxp://www.meinvz.net/Default|hxxp://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 22:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.05 15:40:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.16 19:03:40 | 000,000,000 | ---D | M]
 
[2008.06.27 00:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Extensions
[2012.05.03 16:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\extensions
[2011.12.19 13:33:29 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\searchplugins\11-suche.xml
[2011.12.19 13:33:29 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 13:33:29 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\searchplugins\gmx-suche.xml
[2012.04.07 20:32:45 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\searchplugins\icqplugin.xml
[2011.12.19 13:33:29 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\searchplugins\lastminute.xml
[2011.12.19 13:33:29 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\searchplugins\webde-suche.xml
[2012.06.05 15:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.06 11:42:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.26 20:02:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.11 23:23:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-861567501-1965331169-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [GEST] m’|dú File not found
O4 - HKLM..\Run: [Launch LCore] C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [spc1030] C:\WINDOWS\vspc1030.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Mobile Partner Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [B47AB9C5] C:\WINDOWS\system32\694A625BB47AB9C56908.exe File not found
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [Steam] G:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [UnHackMe Monitor] C:\Programme\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [uTorrent] C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Programme\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Programme\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Dokumente und Einstellungen\Dracon\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1965331169-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E7944D7-8BF4-46BE-8F41-2CB62A934EE9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E3588F-5753-4F02-8708-5A2776757953}: NameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{0cdbce7e-1b5b-11e1-a49b-001fd0dd9d75}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (on\E)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
 
 
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Programme\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.12 03:49:13 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.12 00:11:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Malwarebytes
[2012.06.12 00:11:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.12 00:11:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.12 00:11:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.12 00:11:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.11 23:23:02 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.06.11 23:22:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.11 18:52:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinZip
[2012.06.11 18:51:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.06.11 18:51:41 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2012.06.04 15:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dracon\Startmenü\Programme\AVS4YOU
[2012.06.04 15:37:07 | 000,000,000 | ---D | C] -- C:\Programme\AVS4YOU
[2012.06.04 15:36:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVS4YOU
[2012.06.04 15:35:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2012.06.04 15:35:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
[2012.05.14 23:26:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Dracon\Eigene Dateien\Diablo III
[2012.05.14 23:03:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Diablo III
[2012.05.14 22:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.05.14 22:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012.05.14 22:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2012.05.14 22:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012.05.14 22:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012.05.14 22:41:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012.05.14 22:38:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.12 16:34:00 | 000,001,214 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1965331169-839522115-1003UA.job
[2012.06.12 16:21:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.12 13:34:00 | 000,001,162 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1965331169-839522115-1003Core.job
[2012.06.12 05:37:37 | 000,002,373 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Desktop\Google Chrome.lnk
[2012.06.12 00:11:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.12 00:04:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.11 18:52:03 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk
[2012.06.11 18:52:03 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk
[2012.06.11 00:26:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.11 00:23:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.08 00:05:23 | 000,114,688 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.07 18:50:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.06.06 21:59:13 | 000,002,562 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2012.06.06 21:59:13 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2012.06.05 15:40:09 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.06.04 15:37:10 | 000,000,918 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Desktop\AVS4YOU Software Navigator.lnk
[2012.06.01 17:15:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.05.14 23:18:13 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diablo III.lnk
[2012.05.14 23:00:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.05.14 22:57:22 | 000,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.12 00:11:07 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.11 18:52:03 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk
[2012.06.11 18:52:02 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk
[2012.06.04 15:37:10 | 000,000,918 | ---- | C] () -- C:\Dokumente und Einstellungen\Dracon\Desktop\AVS4YOU Software Navigator.lnk
[2012.05.14 23:03:08 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Diablo III.lnk
[2012.05.14 23:00:17 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Dracon\Startmenü\Programme\Internet Explorer.lnk
[2012.05.14 22:45:38 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012.05.14 22:45:38 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012.05.14 22:45:38 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012.05.14 22:45:38 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012.05.14 22:45:37 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012.05.14 22:45:37 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012.05.14 22:45:37 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012.05.14 22:45:37 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012.05.14 22:45:37 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012.05.14 22:45:37 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012.05.14 22:45:37 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012.05.14 22:45:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012.05.14 22:45:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012.05.14 22:45:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012.05.14 22:45:37 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012.05.14 22:45:37 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012.05.14 22:45:37 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012.05.14 22:45:37 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012.05.14 22:45:37 | 000,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012.05.14 22:45:37 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012.05.14 22:45:37 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012.05.14 22:45:37 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012.05.14 22:45:37 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012.05.14 22:45:37 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012.05.14 22:45:37 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012.05.14 22:45:37 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012.05.14 22:45:37 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012.05.14 22:45:37 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012.05.14 22:45:37 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012.05.14 22:45:37 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012.05.14 22:45:37 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012.05.14 22:45:37 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012.05.14 22:45:37 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012.05.14 22:45:37 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012.05.14 22:45:37 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012.05.14 22:45:37 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012.05.14 22:45:37 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012.05.14 22:45:37 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012.05.14 22:45:37 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012.05.14 22:45:37 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012.05.14 22:45:37 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012.05.14 22:45:37 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012.05.14 22:45:37 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012.05.14 22:45:37 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012.05.14 22:45:37 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012.05.14 22:45:37 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012.05.14 22:45:37 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012.05.14 22:45:37 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012.05.14 22:45:37 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012.05.14 22:45:37 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012.05.14 22:45:37 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012.05.14 22:45:37 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012.05.14 22:45:37 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012.05.14 22:45:37 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012.05.14 22:45:37 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012.05.14 22:45:37 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012.05.14 22:45:37 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012.05.14 22:45:37 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012.05.14 22:45:37 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012.05.14 22:45:37 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012.05.14 22:45:37 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012.05.14 22:45:37 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012.05.14 22:45:37 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012.05.14 22:45:37 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012.05.14 22:45:36 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012.05.14 22:45:36 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012.05.14 22:45:36 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012.05.14 22:45:36 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012.05.14 22:45:36 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012.05.14 22:45:36 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012.05.14 22:45:36 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012.05.14 22:45:36 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012.05.14 22:45:36 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012.05.14 22:45:36 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012.05.14 22:45:36 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012.05.14 22:45:36 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012.05.14 22:45:36 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012.05.14 22:45:36 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012.05.14 22:45:36 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012.05.14 22:45:36 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012.05.14 22:41:46 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012.05.14 22:41:46 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012.05.14 22:41:41 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012.05.14 20:10:03 | 000,002,562 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2012.05.14 20:10:03 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011.09.16 21:24:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011.09.16 21:24:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011.09.16 21:24:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011.09.16 21:03:06 | 000,025,305 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011.06.30 20:19:05 | 000,253,464 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.06.30 20:19:02 | 000,253,464 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.06.30 20:19:02 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.06.30 20:18:39 | 002,293,138 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011.05.27 22:02:41 | 000,000,225 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.10.30 16:44:58 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
 
========== LOP Check ==========
 
[2012.03.16 05:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.04.15 10:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2009.01.06 11:41:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.06.19 18:31:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Saitek
[2011.05.28 19:04:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.12.06 21:18:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.06.16 19:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.06.11 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009.12.06 21:18:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012.02.12 04:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Acreon
[2010.10.30 22:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\FileZilla
[2012.05.12 21:04:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\ICQ
[2008.03.08 00:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\ICQ Toolbar
[2008.02.20 17:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\ICQLite
[2008.04.03 18:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Lexmark Imaging Studio
[2010.01.28 00:14:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\MobMapUpdater
[2008.02.21 00:05:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\MusicIP
[2012.03.04 21:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Need for Speed World
[2009.01.27 18:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\OpenOffice.org
[2011.05.28 19:04:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Registry Mechanic
[2009.05.16 22:03:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\TeamViewer
[2011.05.18 00:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\TS3Client
[2008.02.20 17:38:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\TuneUp Software
[2008.07.01 08:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Ulead Systems
[2011.07.31 18:20:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Unity
[2012.06.12 16:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\uTorrent
[2008.03.07 00:08:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TeamViewer
[2009.12.06 22:00:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2012.06.01 17:15:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.12 04:27:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Acreon
[2008.12.30 13:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Adobe
[2008.05.15 11:34:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\AdobeUM
[2008.08.29 18:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Ahead
[2009.07.02 21:22:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\ArcSoft
[2008.03.08 01:39:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\AVS4YOU
[2008.05.29 11:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\DivX
[2011.11.20 16:14:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\dvdcss
[2010.10.30 22:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\FileZilla
[2008.02.20 17:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Google
[2009.08.21 17:30:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Help
[2010.06.08 23:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\HP
[2012.06.02 20:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\HPAppData
[2012.05.11 21:37:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\HpUpdate
[2012.05.12 21:04:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\ICQ
[2008.03.08 00:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\ICQ Toolbar
[2008.02.20 17:33:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\ICQLite
[2008.02.20 16:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Identities
[2009.11.12 18:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\InstallShield
[2010.04.15 00:32:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\InstallShield Installation Information
[2008.04.03 18:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Lexmark Imaging Studio
[2008.02.20 18:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Macromedia
[2008.06.26 13:17:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Macrovision
[2012.06.12 00:11:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Malwarebytes
[2012.04.09 19:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Media Player Classic
[2012.03.04 21:52:24 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Microsoft
[2010.01.28 00:14:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\MobMapUpdater
[2008.06.27 00:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Mozilla
[2008.02.21 00:05:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\MusicIP
[2012.03.04 21:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Need for Speed World
[2009.01.27 18:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\OpenOffice.org
[2011.05.28 19:04:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Registry Mechanic
[2010.06.13 00:49:05 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\SecuROM
[2011.10.05 17:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Skype
[2008.10.05 19:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Sun
[2010.03.13 20:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\teamspeak2
[2009.05.16 22:03:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\TeamViewer
[2011.05.18 00:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\TS3Client
[2008.02.20 17:38:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\TuneUp Software
[2008.07.01 08:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Ulead Systems
[2011.07.31 18:20:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Unity
[2012.06.12 16:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\uTorrent
[2008.08.11 19:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\vlc
[2008.04.01 15:04:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\WinRAR
[2010.01.07 03:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Xfire
 
< %APPDATA%\*.exe /s >
[2012.02.12 04:27:12 | 000,272,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Acreon\WowMatrix\Modules\curl.exe
[2008.04.02 14:53:39 | 021,277,080 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2010.04.15 00:21:08 | 000,331,776 | ---- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
[2008.10.11 17:25:31 | 000,011,502 | R--- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\ARPPRODUCTICON.exe
[2008.10.11 17:25:31 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2008.10.11 17:25:31 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2008.10.11 17:25:31 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2008.10.11 17:25:31 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Dracon\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
< MD5 for: AGP440.SYS  >
[2004.08.05 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.05 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2004.08.05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2004.08.05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.05 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2007.07.17 07:35:20 | 000,114,944 | R--- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\WINDOWS\system32\drivers\viamraid.sys
[2007.07.17 07:35:20 | 000,114,944 | R--- | M] (VIA Technologies inc,.ltd) MD5=1B7B0954AF54E716F697C511D68C150E -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.05 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.05 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.05 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.02.21 00:00:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.02.21 00:00:15 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.02.21 00:00:15 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WgaLogon.pdf:SummaryInformation

< End of report >

--- --- ---
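The `< MD5 for: ... >` blocks in the log above list every copy of a core file that OTL can find, each with its MD5. The check a reader actually wants from them is whether the copy Windows loads (under system32 or system32\drivers) hashes the same as a reference copy (ServicePackFiles\i386, system32\dllcache or the $NtServicePackUninstall$ backup). The following is an added example, not OTL's code and not from the thread: it parses blocks in the format OTL prints and reports live copies that match no reference copy. The USERINIT.EXE block is taken from the log; the ATAPI.SYS live entry (all-zero hash, empty company) is constructed to show a mismatch.

```python
"""Consistency check over OTL '< MD5 for: NAME >' blocks.

Added example; it is not OTL's code and not from the thread. It parses
the MD5 blocks in the format OTL prints and reports a live copy under
system32 whose MD5 matches none of the reference copies
(ServicePackFiles\\i386, system32\\dllcache, $NtServicePackUninstall$).
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: the USERINIT.EXE block in OTL's format as quoted in the thread, and an
# ATAPI.SYS block whose live copy is made up (all-zero MD5, no company name) to show a mismatch.
SAMPLE = r'''
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: ATAPI.SYS  >
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys
'''

HEADER_RE = re.compile(r'^< MD5 for: (?P<name>\S+)\s*>$')
# One hashed entry: [mtime | size | attrs | M] (company) MD5=... -- path
ENTRY_RE = re.compile(
    r'^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*'
    r'\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$')
# The copy Windows loads lives directly in system32 or system32\drivers ...
LIVE_RE = re.compile(r'\\system32\\(drivers\\)?[^\\]+$', re.I)
# ... and these locations hold pristine copies we can compare against.
REFERENCE_RE = re.compile(
    r'\\(ServicePackFiles\\i386|system32\\dllcache|\$NtServicePackUninstall\$)\\', re.I)


@dataclass
class Entry:
    path: str
    md5: str
    size: int
    company: str


def parse_blocks(text: str) -> Dict[str, List[Entry]]:
    """Group the hashed entries of each '< MD5 for: ... >' block under its file name."""
    blocks: Dict[str, List[Entry]] = defaultdict(list)
    current = None
    for line in text.splitlines():
        h = HEADER_RE.match(line.strip())
        if h:
            current = h['name'].upper()
            continue
        e = ENTRY_RE.match(line.strip())
        if e and current:  # .cab container lines carry no MD5 and are skipped
            blocks[current].append(Entry(e['path'], e['md5'].upper(),
                                         int(e['size'].replace(',', '')), e['company']))
    return blocks


def check(text: str) -> List[Tuple[str, str, str]]:
    """Return (file name, live path, reason) for every live copy that no reference copy vouches for."""
    findings = []
    for name, entries in parse_blocks(text).items():
        reference = {e.md5 for e in entries if REFERENCE_RE.search(e.path)}
        for e in entries:
            if not LIVE_RE.search(e.path):
                continue
            if not reference:
                findings.append((name, e.path, 'no reference copy to compare against'))
            elif e.md5 not in reference:
                findings.append((name, e.path, f'MD5 {e.md5} matches no reference copy'))
    return findings


if __name__ == '__main__':
    for name, path, reason in check(SAMPLE):
        print(f'{name}: {path}: {reason}')
```

In the log posted in this thread every live copy hashes identically to its ServicePackFiles copy. Keep in mind what that does and does not prove: agreement between two on-disk copies rules out a patched file, but a kernel-mode rootkit can filter what a scan running on the infected system reads, which is why a scan from offline boot media (such as the OTLPE CD used later in this thread) is the more trustworthy reading.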

cosinus 12.06.2012 21:47

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - prefs.js..browser.startup.homepage: "https://navigator.web.de/navigator/show?sid=88da678de4c54db45ee56a8133139dedaf088842574fc6326bc2b80f0b94acd57b378ac5fc2917b5ca9796b1eb4561b6#home|https://return2.space/index.php|http://www.meinvz.net/Default|http://www.facebook.com/home.php"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4
[2009.01.06 11:42:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKU\S-1-5-21-861567501-1965331169-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [GEST] m’|dú File not found
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [B47AB9C5] C:\WINDOWS\system32\694A625BB47AB9C56908.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{0cdbce7e-1b5b-11e1-a49b-001fd0dd9d75}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe
O33 - MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\Shell - "" = AutoRun
O33 - MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WgaLogon.pdf:SummaryInformation
:Files
C:\WINDOWS\System32\WgaLogon.pdf
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
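The fix script above removes four kinds of entries: O4 autostarts whose target is gone ("File not found"), an O27 Image File Execution Options debugger for taskmgr.exe, O33 MountPoints2 autorun commands recorded for removable drives, and an alternate data stream. What follows is an added example, neither OTL's code nor code from the thread, that triages lines in those OTL formats and ranks them. The sample input is constructed from the entries quoted in the script plus one made-up benign autostart (SoundMan) written in the same format; the severities and the hex-name heuristic are this example's own choices.

```python
"""Triage of OTL O4/O27/O33/ADS lines for persistence indicators.

Added example for this thread: it is neither OTL's code nor code from the
original post. The line formats are those of the entries quoted in the
fix script; SAMPLE_LINES is constructed from them plus one benign
autostart entry written in the same format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input (OTL's own line format; the SoundMan line is a made-up benign entry).
SAMPLE_LINES = r'''
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd File not found
O4 - HKU\S-1-5-21-861567501-1965331169-839522115-1003..\Run: [B47AB9C5] C:\WINDOWS\system32\694A625BB47AB9C56908.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O33 - MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WgaLogon.pdf:SummaryInformation
'''

MISSING = ' File not found'  # OTL's marker for a target that no longer exists on disk
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
O27_RE = re.compile(r'^O27 - (?P<hive>\S+) IFEO\\(?P<target>[^:]+): Debugger - (?P<debugger>.+)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$')
HEXNAME = re.compile(r'^[0-9A-Fa-f]{8,}$')  # e.g. B47AB9C5 or 694A625BB47AB9C56908
DRIVE_EXE = re.compile(r'^[A-Z]:\\[^ ]+\.(exe|com|bat|cmd|scr|pif)$', re.I)


@dataclass
class Finding:
    severity: str  # 'high', 'medium' or 'low'
    kind: str
    detail: str


def split_missing(line: str):
    """Strip OTL's trailing 'File not found' marker and report whether it was present."""
    if line.endswith(MISSING):
        return line[:-len(MISSING)].rstrip(), True
    return line, False


def looks_random(name: str, cmd: str) -> bool:
    """Hex-only value names or file stems are typical of dropper-generated autostarts (heuristic)."""
    stem = cmd.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    return bool(HEXNAME.match(name) or HEXNAME.match(stem))


def triage_line(line: str) -> Optional[Finding]:
    body, missing = split_missing(line.strip())
    if not body:
        return None
    m = O27_RE.match(body)
    if m:
        # An IFEO Debugger value makes Windows start the 'debugger' whenever the target is launched;
        # for taskmgr.exe that is a hijack whether or not the debugger file still exists.
        note = ' (debugger file missing)' if missing else ''
        return Finding('high', 'ifeo-debugger', f"{m['target']} is redirected to {m['debugger']}{note}")
    m = O4_RE.match(body)
    if m:
        name, cmd = m['name'], m['cmd'] or '<empty>'
        if looks_random(name, m['cmd']):
            return Finding('high', 'run-key', f"random-looking autostart [{name}] -> {cmd}")
        if missing:
            return Finding('medium', 'run-key', f"orphaned autostart [{name}] -> {cmd}")
        return Finding('low', 'run-key', f"autostart [{name}] -> {cmd}")
    m = O33_RE.match(body)
    if m:
        # MountPoints2 keeps the autorun command Explorer ran for a volume; an executable on a
        # removable drive letter is the classic USB-worm vector.
        sev = 'medium' if DRIVE_EXE.match(m['cmd']) else 'low'
        return Finding(sev, 'autorun', f"volume {m['volume']} autorun command: {m['cmd']}")
    m = ADS_RE.match(body)
    if m:
        return Finding('low', 'ads', f"{m['path']} carries stream '{m['stream']}' ({m['size']} bytes)")
    return None  # other OTL line types (Auto&Play labels, headers, ...) are not triaged here


def triage(text: str) -> List[Finding]:
    """Triage every line and return the findings ordered high -> medium -> low."""
    order = {'high': 0, 'medium': 1, 'low': 2}
    found = [f for f in map(triage_line, text.splitlines()) if f is not None]
    return sorted(found, key=lambda f: order[f.severity])


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.severity:<6} {f.kind:<14} {f.detail}')
```

Two points the ranking encodes: an IFEO Debugger entry is a hijack even when the debugger file is gone, because the value still blocks Task Manager from starting until it is removed, and an orphaned Run value with a hex-only name under system32 is worth more attention than an orphaned entry with a recognisable product name, since the former is what a dropper leaves behind after its payload has been cleaned.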

Misses 13.06.2012 14:27

I pasted the text into the "Custom Scan/Fixes" box and clicked Fix, but now it has been doing nothing for three quarters of an hour; at the bottom it only says "Killing processes. DO NOT INTERRUPT..." It looks as if it has hung :confused:

Firefox was still open from copying the text when I started it; could that be the reason?

Should I keep waiting or try to restart it??

Status at 17:00: no change, it now says "Not responding" in brackets...

cosinus 13.06.2012 16:39

Restart Windows in Safe Mode (with networking if possible). Fixing with OTL sometimes hangs in normal mode, but very often the fix works in Safe Mode.

Misses 13.06.2012 17:28

I have now tried several times to start Windows in Safe Mode. Unfortunately it does not work as intended. It keeps throwing me out and restarts completely.
I am trapped in an endless loop, so to speak :(

Tried the fix again.
No success.
It keeps hanging :heulen:

cosinus 13.06.2012 20:41

Then start OTLPE from the CD again and run the fix from there.

Misses 14.06.2012 15:04

It worked via the CD.
Here is the log.

Code:

========== OTL ==========
Prefs.js: "https://navigator.web.de/navigator/show?sid=88da678de4c54db45ee56a8133139dedaf088842574fc6326bc2b80f0b94acd57b378ac5fc2917b5ca9796b1eb4561b6#home|https://return2.space/index.php|hxxp://www.meinvz.net/Default|hxxp://www.facebook.com/home.php" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Prefs.js: 4 removed from network.proxy.type
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-1965331169-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CM108Sound deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-1965331169-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{010989c4-487b-11dd-ab63-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{010989c4-487b-11dd-ab63-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{010989c4-487b-11dd-ab63-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{010989c4-487b-11dd-ab63-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cdbce7e-1b5b-11e1-a49b-001fd0dd9d75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cdbce7e-1b5b-11e1-a49b-001fd0dd9d75}\ not found.
File I:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9d0be6e-59ad-11dd-ab86-00e04d1aaffe}\ not found.
File H:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec3e430c-48d6-11dd-ab68-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec3e430d-48d6-11dd-ab68-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c96-42de-11dd-ab55-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c97-42de-11dd-ab55-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7812c98-42de-11dd-ab55-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fae0d5d6-5296-11dd-ab7a-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe04aa16-96fd-11dd-abcf-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe04aa17-96fd-11dd-abcf-00e04d1aaffe}\ not found.
File H:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3fac4-487b-11dd-ab64-00e04d1aaffe}\ not found.
File G:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\StartVMCLite.exe not found.
Unable to delete ADS C:\WINDOWS\System32\WgaLogon.pdf:SummaryInformation .
========== FILES ==========
C:\WINDOWS\System32\WgaLogon.pdf moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 831440 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3410419 bytes
->Flash cache emptied: 83 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Dracon
->Temp folder emptied: 528172114 bytes
->Temporary Internet Files folder emptied: 55122816 bytes
->Java cache emptied: 40824988 bytes
->FireFox cache emptied: 266182888 bytes
->Google Chrome cache emptied: 37787267 bytes
->Flash cache emptied: 40833 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2497134 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3006327 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2147245 bytes
 
Total Files Cleaned = 897.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Dracon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06142012_165109


cosinus 14.06.2012 15:35

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the image below - click on "change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
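The flagged entries in a TDSS-Killer report can be pulled out mechanically before anyone decides what to skip. The Python parser below, for the log format that appears in this thread, is an added example and not part of the original post or of Kaspersky's tool; the sample log lines and their md5 placeholder values are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSS-Killer line starts with a timestamp and a thread id, then the payload.
_LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*?)\s*$")
# "<name>  (<md5>) <path>"           : a scanned service/driver with its file hash
_OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> ( <verdict> ) - warning"   : heuristic warning, e.g. UnsignedFile.Multi.Generic
_WARNING = re.compile(r"^(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+warning$")
# "<name> - detected <verdict> (<n>)": the verdict line that follows a warning
_DETECTED = re.compile(r"^(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<count>\d+)\)$")
# "<name> - ok"
_OK = re.compile(r"^(?P<name>.+?)\s+-\s+ok$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None   # e.g. "UnsignedFile.Multi.Generic"
    severity: str = "ok"            # "ok" or "warning", as the tool reports it
    count: int = 0                  # the number in the "detected ... (n)" line


def parse_tdsskiller_log(text: str) -> Dict[str, ScanObject]:
    """Collect every scanned object by name; later lines update earlier ones."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        if not rest or rest.startswith("="):
            continue  # banner/separator lines carry no per-object information
        for pattern in (_OBJECT, _WARNING, _DETECTED, _OK):
            hit = pattern.match(rest)
            if hit:
                break
        else:
            continue  # SystemInfo, drive geometry, "Scan started", etc.
        name = hit.group("name")
        obj = objects.setdefault(name, ScanObject(name=name))
        if pattern is _OBJECT:
            obj.md5, obj.path = hit.group("md5").lower(), hit.group("path")
        elif pattern is _WARNING:
            obj.severity, obj.verdict = "warning", hit.group("verdict")
        elif pattern is _DETECTED:
            obj.verdict, obj.count = hit.group("verdict"), int(hit.group("count"))
        else:
            obj.severity = "ok"
    return objects


def flagged(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects TDSS-Killer did not report as plain 'ok', in log order."""
    return [o for o in objects.values() if o.verdict is not None]


def group_by_verdict(objects: Dict[str, ScanObject]) -> Dict[str, List[str]]:
    """Verdict -> names, so a reviewer sees at a glance which class each hit belongs to."""
    groups: Dict[str, List[str]] = {}
    for o in flagged(objects):
        groups.setdefault(o.verdict, []).append(o.name)
    return groups


# Constructed sample in the page's log format; md5 values are placeholders, not real hashes.
SAMPLE_LOG = r"""
18:33:09.0796 3784        ============================================================
18:33:09.0796 3784        Scan started
18:33:09.0796 3784        Mode: Manual; SigCheck; TDLFS;
18:33:10.0125 3784        6to4            (00000000000000000000000000000001) C:\WINDOWS\System32\6to4svc.dll
18:33:10.0359 3784        6to4 - ok
18:33:10.0375 3784        Abiosdsk - ok
18:33:11.0437 3784        AntiVirSchedulerService (00000000000000000000000000000002) C:\Programme\Avira\AntiVir Desktop\sched.exe
18:33:11.0468 3784        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
18:33:11.0468 3784        AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
18:33:28.0281 3784        Net Driver HPZ12 (00000000000000000000000000000003) C:\WINDOWS\system32\HPZinw12.dll
18:33:28.0281 3784        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:33:28.0281 3784        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    objs = parse_tdsskiller_log(SAMPLE_LOG)
    # Warning-class hits are exactly what the helper asks to "skip" and post for review.
    for o in flagged(objs):
        print(f"{o.severity:8} {o.verdict:28} {o.name} -> {o.path}")
```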

Misses 14.06.2012 16:41

Here is the complete log with the flagged objects, which I skipped:

Code:

18:32:58.0796 0556        TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
18:32:58.0906 0556        ============================================================
18:32:58.0906 0556        Current date / time: 2012/06/14 18:32:58.0906
18:32:58.0906 0556        SystemInfo:
18:32:58.0906 0556       
18:32:58.0906 0556        OS Version: 5.1.2600 ServicePack: 3.0
18:32:58.0906 0556        Product type: Workstation
18:32:58.0906 0556        ComputerName: DRAC0N
18:32:58.0906 0556        UserName: Dracon
18:32:58.0906 0556        Windows directory: C:\WINDOWS
18:32:58.0906 0556        System windows directory: C:\WINDOWS
18:32:58.0906 0556        Processor architecture: Intel x86
18:32:58.0906 0556        Number of processors: 2
18:32:58.0906 0556        Page size: 0x1000
18:32:58.0906 0556        Boot type: Normal boot
18:32:58.0906 0556        ============================================================
18:33:00.0390 0556        Drive \Device\Harddisk0\DR0 - Size: 0x12A04E9E00 (74.50 Gb), SectorSize: 0x200, Cylinders: 0x25FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:33:00.0406 0556        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:33:00.0406 0556        ============================================================
18:33:00.0406 0556        \Device\Harddisk0\DR0:
18:33:00.0406 0556        MBR partitions:
18:33:00.0406 0556        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x29037F6
18:33:00.0421 0556        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2903874, BlocksNum 0x6BFB149
18:33:00.0421 0556        \Device\Harddisk1\DR1:
18:33:00.0421 0556        MBR partitions:
18:33:00.0421 0556        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
18:33:00.0421 0556        ============================================================
18:33:00.0484 0556        C: <-> \Device\Harddisk0\DR0\Partition0
18:33:00.0515 0556        D: <-> \Device\Harddisk0\DR0\Partition1
18:33:00.0562 0556        G: <-> \Device\Harddisk1\DR1\Partition0
18:33:00.0593 0556        ============================================================
18:33:00.0593 0556        Initialize success
18:33:00.0593 0556        ============================================================
18:33:09.0796 3784        ============================================================
18:33:09.0796 3784        Scan started
18:33:09.0796 3784        Mode: Manual; SigCheck; TDLFS;
18:33:09.0796 3784        ============================================================
18:33:10.0125 3784        6to4            (5f35827a6f048a95588ee3a1f537c256) C:\WINDOWS\System32\6to4svc.dll
18:33:10.0359 3784        6to4 - ok
18:33:10.0375 3784        Abiosdsk - ok
18:33:10.0375 3784        abp480n5 - ok
18:33:10.0484 3784        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
18:33:10.0500 3784        ACDaemon - ok
18:33:10.0562 3784        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:33:10.0640 3784        ACPI - ok
18:33:10.0687 3784        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:33:10.0765 3784        ACPIEC - ok
18:33:10.0843 3784        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:33:10.0843 3784        AdobeFlashPlayerUpdateSvc - ok
18:33:10.0843 3784        adpu160m - ok
18:33:10.0890 3784        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:33:10.0984 3784        aec - ok
18:33:11.0031 3784        AFD            (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
18:33:11.0125 3784        AFD - ok
18:33:11.0125 3784        Aha154x - ok
18:33:11.0140 3784        aic78u2 - ok
18:33:11.0140 3784        aic78xx - ok
18:33:11.0156 3784        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
18:33:11.0250 3784        Alerter - ok
18:33:11.0281 3784        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
18:33:11.0375 3784        ALG - ok
18:33:11.0375 3784        AliIde - ok
18:33:11.0375 3784        amsint - ok
18:33:11.0437 3784        AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
18:33:11.0468 3784        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
18:33:11.0468 3784        AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
18:33:11.0500 3784        AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
18:33:11.0515 3784        AntiVirService ( UnsignedFile.Multi.Generic ) - warning
18:33:11.0515 3784        AntiVirService - detected UnsignedFile.Multi.Generic (1)
18:33:11.0562 3784        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
18:33:11.0671 3784        AppMgmt - ok
18:33:11.0671 3784        asc - ok
18:33:11.0671 3784        asc3350p - ok
18:33:11.0671 3784        asc3550 - ok
18:33:11.0765 3784        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:33:11.0765 3784        aspnet_state - ok
18:33:11.0796 3784        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:33:11.0890 3784        AsyncMac - ok
18:33:11.0921 3784        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:33:12.0015 3784        atapi - ok
18:33:12.0015 3784        Atdisk - ok
18:33:12.0062 3784        atksgt          (72bc628af75c4c3250f2a3bac260265a) C:\WINDOWS\system32\DRIVERS\atksgt.sys
18:33:12.0078 3784        atksgt - ok
18:33:12.0125 3784        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:33:12.0218 3784        Atmarpc - ok
18:33:12.0250 3784        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
18:33:12.0343 3784        AudioSrv - ok
18:33:12.0390 3784        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:33:12.0468 3784        audstub - ok
18:33:12.0484 3784        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
18:33:12.0500 3784        avgio - ok
18:33:12.0531 3784        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:33:12.0531 3784        avgntflt - ok
18:33:12.0562 3784        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:33:12.0562 3784        avipbb - ok
18:33:12.0593 3784        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:33:12.0687 3784        Beep - ok
18:33:12.0718 3784        BIOS            (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys
18:33:12.0734 3784        BIOS ( UnsignedFile.Multi.Generic ) - warning
18:33:12.0734 3784        BIOS - detected UnsignedFile.Multi.Generic (1)
18:33:12.0796 3784        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
18:33:13.0015 3784        BITS - ok
18:33:13.0062 3784        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
18:33:13.0156 3784        Browser - ok
18:33:13.0187 3784        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:33:13.0281 3784        cbidf2k - ok
18:33:13.0296 3784        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:33:13.0390 3784        CCDECODE - ok
18:33:13.0390 3784        cd20xrnt - ok
18:33:13.0406 3784        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:33:13.0500 3784        Cdaudio - ok
18:33:13.0531 3784        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:33:13.0625 3784        Cdfs - ok
18:33:13.0640 3784        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:33:13.0734 3784        Cdrom - ok
18:33:13.0734 3784        Changer - ok
18:33:13.0765 3784        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
18:33:13.0859 3784        CiSvc - ok
18:33:13.0875 3784        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
18:33:13.0968 3784        ClipSrv - ok
18:33:14.0046 3784        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:14.0187 3784        clr_optimization_v2.0.50727_32 - ok
18:33:14.0312 3784        CM1083264      (52b6765c02dd55a622c0fd55c889d013) C:\WINDOWS\system32\drivers\CM108.sys
18:33:14.0421 3784        CM1083264 ( UnsignedFile.Multi.Generic ) - warning
18:33:14.0421 3784        CM1083264 - detected UnsignedFile.Multi.Generic (1)
18:33:14.0437 3784        CmdIde - ok
18:33:14.0437 3784        COMSysApp - ok
18:33:14.0437 3784        Cpqarray - ok
18:33:14.0468 3784        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
18:33:14.0562 3784        CryptSvc - ok
18:33:14.0562 3784        dac2w2k - ok
18:33:14.0562 3784        dac960nt - ok
18:33:14.0625 3784        DcomLaunch      (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll
18:33:14.0750 3784        DcomLaunch - ok
18:33:14.0796 3784        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
18:33:14.0890 3784        Dhcp - ok
18:33:14.0921 3784        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:33:15.0015 3784        Disk - ok
18:33:15.0015 3784        dmadmin - ok
18:33:15.0156 3784        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:33:15.0390 3784        dmboot - ok
18:33:15.0437 3784        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:33:15.0531 3784        dmio - ok
18:33:15.0578 3784        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:33:15.0671 3784        dmload - ok
18:33:15.0703 3784        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
18:33:15.0781 3784        dmserver - ok
18:33:15.0796 3784        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:33:15.0890 3784        DMusic - ok
18:33:15.0937 3784        Dnscache        (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
18:33:16.0031 3784        Dnscache - ok
18:33:16.0093 3784        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
18:33:16.0187 3784        Dot3svc - ok
18:33:16.0187 3784        dpti2o - ok
18:33:16.0218 3784        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:33:16.0312 3784        drmkaud - ok
18:33:16.0359 3784        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
18:33:16.0437 3784        EapHost - ok
18:33:16.0468 3784        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
18:33:16.0562 3784        ERSvc - ok
18:33:16.0609 3784        Eventlog        (4bb6a83640f1d1792ad21ce767b621c6) C:\WINDOWS\system32\services.exe
18:33:16.0703 3784        Eventlog - ok
18:33:16.0750 3784        EventSystem    (0f3edaee1ef97cf3db2be23a7289b78c) C:\WINDOWS\system32\es.dll
18:33:16.0843 3784        EventSystem - ok
18:33:16.0875 3784        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:33:16.0968 3784        Fastfat - ok
18:33:17.0015 3784        FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
18:33:17.0109 3784        FastUserSwitchingCompatibility - ok
18:33:17.0140 3784        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:33:17.0218 3784        Fdc - ok
18:33:17.0250 3784        FETND5BV        (41561219a8c2d5cc17aa463acff0506f) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
18:33:17.0312 3784        FETND5BV - ok
18:33:17.0359 3784        FETNDIS        (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
18:33:17.0453 3784        FETNDIS - ok
18:33:17.0484 3784        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:33:17.0578 3784        Fips - ok
18:33:17.0593 3784        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:33:17.0671 3784        Flpydisk - ok
18:33:17.0718 3784        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:33:17.0812 3784        FltMgr - ok
18:33:17.0921 3784        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:33:17.0937 3784        FontCache3.0.0.0 - ok
18:33:17.0968 3784        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:33:18.0062 3784        Fs_Rec - ok
18:33:18.0093 3784        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:33:18.0187 3784        Ftdisk - ok
18:33:18.0218 3784        gdrv            (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
18:33:18.0234 3784        gdrv - ok
18:33:18.0265 3784        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:33:18.0359 3784        Gpc - ok
18:33:18.0390 3784        HCW77BDA        (9936883f7e177159773c18b8e130085b) C:\WINDOWS\system32\Drivers\hcw70bda.sys
18:33:18.0437 3784        HCW77BDA - ok
18:33:18.0468 3784        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:33:18.0562 3784        HDAudBus - ok
18:33:18.0640 3784        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:33:18.0734 3784        helpsvc - ok
18:33:18.0765 3784        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
18:33:18.0859 3784        HidServ - ok
18:33:18.0890 3784        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:33:18.0968 3784        hidusb - ok
18:33:19.0015 3784        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
18:33:19.0109 3784        hkmsvc - ok
18:33:19.0109 3784        hpn - ok
18:33:19.0218 3784        hpqcxs08        (5da42d24712e00728cea2342a65009b2) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
18:33:19.0234 3784        hpqcxs08 - ok
18:33:19.0265 3784        hpqddsvc        (d86a39bf100069444d026d22d9a6e555) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
18:33:19.0265 3784        hpqddsvc - ok
18:33:19.0296 3784        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:33:19.0453 3784        HPZid412 - ok
18:33:19.0484 3784        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:33:19.0531 3784        HPZipr12 - ok
18:33:19.0546 3784        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:33:19.0578 3784        HPZius12 - ok
18:33:19.0625 3784        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
18:33:19.0718 3784        HTTP - ok
18:33:19.0750 3784        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
18:33:19.0828 3784        HTTPFilter - ok
18:33:19.0875 3784        hwdatacard      (2310ca92d37d97c9231adf1796b47b9d) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
18:33:19.0921 3784        hwdatacard - ok
18:33:19.0921 3784        i2omgmt - ok
18:33:19.0921 3784        i2omp - ok
18:33:19.0968 3784        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:33:20.0062 3784        i8042prt - ok
18:33:20.0406 3784        ialm            (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:33:20.0906 3784        ialm - ok
18:33:21.0140 3784        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:33:21.0328 3784        idsvc - ok
18:33:21.0421 3784        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:33:21.0515 3784        Imapi - ok
18:33:21.0531 3784        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
18:33:21.0609 3784        ImapiService - ok
18:33:21.0625 3784        ini910u - ok
18:33:21.0937 3784        IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:33:22.0359 3784        IntcAzAudAddService - ok
18:33:22.0484 3784        IntelIde - ok
18:33:22.0515 3784        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:33:22.0609 3784        intelppm - ok
18:33:22.0640 3784        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:33:22.0734 3784        Ip6Fw - ok
18:33:22.0765 3784        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:33:22.0859 3784        IpFilterDriver - ok
18:33:22.0890 3784        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:33:22.0984 3784        IpInIp - ok
18:33:23.0031 3784        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:33:23.0109 3784        IpNat - ok
18:33:23.0156 3784        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:33:23.0250 3784        IPSec - ok
18:33:23.0281 3784        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:33:23.0359 3784        IRENUM - ok
18:33:23.0406 3784        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:33:23.0484 3784        isapnp - ok
18:33:23.0640 3784        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
18:33:23.0640 3784        JavaQuickStarterService - ok
18:33:23.0671 3784        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:33:23.0765 3784        Kbdclass - ok
18:33:23.0796 3784        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:33:23.0890 3784        kbdhid - ok
18:33:23.0906 3784        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:33:24.0000 3784        kmixer - ok
18:33:24.0046 3784        KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
18:33:24.0140 3784        KSecDD - ok
18:33:24.0187 3784        lanmanserver    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
18:33:24.0281 3784        lanmanserver - ok
18:33:24.0312 3784        lanmanworkstation (c0db1e9367681ecd7ecca9615c1d0f9b) C:\WINDOWS\System32\wkssvc.dll
18:33:24.0390 3784        lanmanworkstation - ok
18:33:24.0406 3784        lbrtfdc - ok
18:33:24.0421 3784        LGBusEnum      (170e7093a77ad586f3a012a3db651d94) C:\WINDOWS\system32\drivers\LGBusEnum.sys
18:33:24.0437 3784        LGBusEnum - ok
18:33:24.0453 3784        LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\WINDOWS\system32\drivers\LGVirHid.sys
18:33:24.0453 3784        LGVirHid - ok
18:33:24.0500 3784        LightScribeService (6f89a671bf0ce4a28635a2eeb7d8fd69) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
18:33:24.0515 3784        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:33:24.0515 3784        LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:33:24.0546 3784        lirsgt          (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18:33:24.0546 3784        lirsgt - ok
18:33:24.0593 3784        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
18:33:24.0671 3784        LmHosts - ok
18:33:24.0703 3784        LVUSBSta        (0be8e67a2639e6f663225e485cc1b2fb) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
18:33:24.0750 3784        LVUSBSta - ok
18:33:24.0781 3784        massfilter      (09721f2c56681a83c93ecdfab8b102a9) C:\WINDOWS\system32\drivers\massfilter.sys
18:33:24.0812 3784        massfilter - ok
18:33:24.0859 3784        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
18:33:24.0859 3784        MBAMProtector - ok
18:33:24.0906 3784        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
18:33:24.0968 3784        MBAMService - ok
18:33:25.0015 3784        MDM            (21594de976338e43cfa88b131ec7e771) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
18:33:25.0031 3784        MDM ( UnsignedFile.Multi.Generic ) - warning
18:33:25.0031 3784        MDM - detected UnsignedFile.Multi.Generic (1)
18:33:25.0078 3784        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
18:33:25.0156 3784        Messenger - ok
18:33:25.0187 3784        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:33:25.0281 3784        mnmdd - ok
18:33:25.0312 3784        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
18:33:25.0406 3784        mnmsrvc - ok
18:33:25.0437 3784        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:33:25.0531 3784        Modem - ok
18:33:25.0562 3784        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:33:25.0656 3784        Mouclass - ok
18:33:25.0671 3784        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:33:25.0765 3784        mouhid - ok
18:33:25.0812 3784        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:33:25.0890 3784        MountMgr - ok
18:33:25.0937 3784        MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:33:25.0953 3784        MozillaMaintenance - ok
18:33:25.0984 3784        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
18:33:26.0062 3784        MPE - ok
18:33:26.0078 3784        mraid35x - ok
18:33:26.0125 3784        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:33:26.0250 3784        MRxDAV - ok
18:33:26.0312 3784        MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:33:26.0453 3784        MRxSmb - ok
18:33:26.0500 3784        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
18:33:26.0578 3784        MSDTC - ok
18:33:26.0625 3784        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:33:26.0703 3784        Msfs - ok
18:33:26.0703 3784        MSIServer - ok
18:33:26.0734 3784        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:33:26.0843 3784        MSKSSRV - ok
18:33:26.0859 3784        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:33:26.0937 3784        MSPCLOCK - ok
18:33:26.0937 3784        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:33:27.0062 3784        MSPQM - ok
18:33:27.0078 3784        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:33:27.0140 3784        mssmbios - ok
18:33:27.0156 3784        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:33:27.0218 3784        MSTEE - ok
18:33:27.0250 3784        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:33:27.0312 3784        Mup - ok
18:33:27.0328 3784        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:33:27.0406 3784        NABTSFEC - ok
18:33:27.0453 3784        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
18:33:27.0546 3784        napagent - ok
18:33:27.0562 3784        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:33:27.0625 3784        NDIS - ok
18:33:27.0671 3784        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:33:27.0734 3784        NdisIP - ok
18:33:27.0765 3784        Ndisprot        (e94265636d893314463cb650e43c3eb5) C:\WINDOWS\system32\DRIVERS\ndisprot.sys
18:33:27.0765 3784        Ndisprot ( UnsignedFile.Multi.Generic ) - warning
18:33:27.0765 3784        Ndisprot - detected UnsignedFile.Multi.Generic (1)
18:33:27.0796 3784        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:33:27.0890 3784        NdisTapi - ok
18:33:27.0921 3784        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:33:28.0015 3784        Ndisuio - ok
18:33:28.0031 3784        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:33:28.0125 3784        NdisWan - ok
18:33:28.0171 3784        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:33:28.0250 3784        NDProxy - ok
18:33:28.0281 3784        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
18:33:28.0281 3784        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:33:28.0281 3784        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:33:28.0296 3784        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:33:28.0390 3784        NetBIOS - ok
18:33:28.0437 3784        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:33:28.0515 3784        NetBT - ok
18:33:28.0546 3784        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:33:28.0640 3784        NetDDE - ok
18:33:28.0640 3784        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:33:28.0718 3784        NetDDEdsdm - ok
18:33:28.0750 3784        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:33:28.0828 3784        Netlogon - ok
18:33:28.0859 3784        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
18:33:28.0953 3784        Netman - ok
18:33:29.0062 3784        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:29.0093 3784        NetTcpPortSharing - ok
18:33:29.0125 3784        Nla            (f12b9d9a069331877d006cc81b4735f9) C:\WINDOWS\System32\mswsock.dll
18:33:29.0218 3784        Nla - ok
18:33:29.0250 3784        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:33:29.0359 3784        Npfs - ok
18:33:29.0390 3784        NPPTNT2        (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
18:33:29.0421 3784        NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
18:33:29.0421 3784        NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
18:33:29.0500 3784        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:33:29.0640 3784        Ntfs - ok
18:33:29.0640 3784        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:33:29.0718 3784        NtLmSsp - ok
18:33:29.0828 3784        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
18:33:30.0000 3784        NtmsSvc - ok
18:33:30.0031 3784        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:33:30.0109 3784        Null - ok
18:33:30.0718 3784        nv              (5a72584c700298e82a0342dc4bb38892) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:33:31.0546 3784        nv - ok
18:33:31.0703 3784        NVHDA          (50acb7253d1104e5917e15a0670d63d5) C:\WINDOWS\system32\drivers\nvhda32.sys
18:33:31.0718 3784        NVHDA - ok
18:33:31.0750 3784        nvsvc          (ef895a872f11ac584413f6baea2ddb50) C:\WINDOWS\system32\nvsvc32.exe
18:33:31.0750 3784        nvsvc - ok
18:33:31.0781 3784        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:33:32.0046 3784        NwlnkFlt - ok
18:33:32.0078 3784        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:33:32.0171 3784        NwlnkFwd - ok
18:33:32.0203 3784        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
18:33:32.0296 3784        Parport - ok
18:33:32.0343 3784        Partizan        (6ddcf3f801ec15fe698f6a215cf30a1f) C:\WINDOWS\system32\drivers\Partizan.sys
18:33:32.0343 3784        Partizan - ok
18:33:32.0390 3784        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:33:32.0468 3784        PartMgr - ok
18:33:32.0515 3784        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:33:32.0593 3784        ParVdm - ok
18:33:32.0625 3784        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:33:32.0703 3784        PCI - ok
18:33:32.0718 3784        PCIDump - ok
18:33:32.0734 3784        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:33:32.0812 3784        PCIIde - ok
18:33:32.0859 3784        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:33:32.0968 3784        Pcmcia - ok
18:33:32.0968 3784        PDCOMP - ok
18:33:32.0968 3784        PDFRAME - ok
18:33:32.0968 3784        PDRELI - ok
18:33:32.0968 3784        PDRFRAME - ok
18:33:32.0968 3784        perc2 - ok
18:33:32.0968 3784        perc2hib - ok
18:33:33.0000 3784        phaudlwr        (427e58b9357fba0fdcec08f3930a7325) C:\WINDOWS\system32\DRIVERS\phaudlwr.sys
18:33:33.0062 3784        phaudlwr - ok
18:33:33.0093 3784        PID_0928        (a2b25662fb5faf875ccead2166b5f9ad) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
18:33:33.0140 3784        PID_0928 - ok
18:33:33.0203 3784        PlugPlay        (4bb6a83640f1d1792ad21ce767b621c6) C:\WINDOWS\system32\services.exe
18:33:33.0265 3784        PlugPlay - ok
18:33:33.0296 3784        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
18:33:33.0328 3784        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:33:33.0328 3784        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:33:33.0359 3784        PnkBstrA        (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
18:33:33.0375 3784        PnkBstrA - ok
18:33:33.0390 3784        PnkBstrB        (c39fd4dbf5cf5af9e4bdab58a1c323c9) C:\WINDOWS\system32\PnkBstrB.exe
18:33:33.0406 3784        PnkBstrB - ok
18:33:33.0406 3784        PnkBstrK        (fb0c07eacb692deab8468ff048ec9e47) C:\WINDOWS\system32\drivers\PnkBstrK.sys
18:33:33.0421 3784        PnkBstrK - ok
18:33:33.0453 3784        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:33:33.0531 3784        PolicyAgent - ok
18:33:33.0546 3784        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:33:33.0625 3784        PptpMiniport - ok
18:33:33.0625 3784        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:33:33.0703 3784        ProtectedStorage - ok
18:33:33.0734 3784        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:33:33.0843 3784        PSched - ok
18:33:33.0890 3784        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:33:33.0968 3784        Ptilink - ok
18:33:34.0015 3784        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:33:34.0015 3784        PxHelp20 - ok
18:33:34.0031 3784        ql1080 - ok
18:33:34.0031 3784        Ql10wnt - ok
18:33:34.0031 3784        ql12160 - ok
18:33:34.0031 3784        ql1240 - ok
18:33:34.0031 3784        ql1280 - ok
18:33:34.0031 3784        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:33:34.0125 3784        RasAcd - ok
18:33:34.0171 3784        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
18:33:34.0265 3784        RasAuto - ok
18:33:34.0281 3784        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:33:34.0375 3784        Rasl2tp - ok
18:33:34.0421 3784        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
18:33:34.0500 3784        RasMan - ok
18:33:34.0515 3784        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:33:34.0609 3784        RasPppoe - ok
18:33:34.0609 3784        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:33:34.0703 3784        Raspti - ok
18:33:34.0750 3784        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:33:34.0843 3784        Rdbss - ok
18:33:34.0859 3784        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:33:34.0937 3784        RDPCDD - ok
18:33:34.0968 3784        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:33:35.0062 3784        rdpdr - ok
18:33:35.0140 3784        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:33:35.0250 3784        RDPWD - ok
18:33:35.0296 3784        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
18:33:35.0390 3784        RDSessMgr - ok
18:33:35.0406 3784        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:33:35.0484 3784        redbook - ok
18:33:35.0515 3784        RegGuard        (37ecebdd930395a9c399fb18a3c236d3) C:\WINDOWS\system32\Drivers\regguard.sys
18:33:35.0515 3784        RegGuard - ok
18:33:35.0562 3784        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
18:33:35.0656 3784        RemoteAccess - ok
18:33:35.0687 3784        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
18:33:35.0781 3784        RemoteRegistry - ok
18:33:35.0828 3784        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
18:33:35.0921 3784        RpcLocator - ok
18:33:35.0968 3784        RpcSs          (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll
18:33:36.0062 3784        RpcSs - ok
18:33:36.0093 3784        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
18:33:36.0187 3784        RSVP - ok
18:33:36.0234 3784        RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:33:36.0265 3784        RTLE8023xp - ok
18:33:36.0296 3784        SaiH0460        (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH0460.sys
18:33:36.0312 3784        SaiH0460 - ok
18:33:36.0343 3784        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:33:36.0421 3784        SamSs - ok
18:33:36.0468 3784        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
18:33:36.0562 3784        SCardSvr - ok
18:33:36.0609 3784        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
18:33:36.0687 3784        Schedule - ok
18:33:36.0734 3784        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:33:36.0796 3784        Secdrv - ok
18:33:36.0828 3784        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
18:33:36.0906 3784        seclogon - ok
18:33:36.0921 3784        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
18:33:37.0015 3784        SENS - ok
18:33:37.0046 3784        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:33:37.0125 3784        serenum - ok
18:33:37.0140 3784        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
18:33:37.0281 3784        Serial - ok
18:33:37.0312 3784        sfdrv01        (58235f4483b63ff33b0fc41c1cd624c5) C:\WINDOWS\system32\drivers\sfdrv01.sys
18:33:37.0312 3784        sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:33:37.0312 3784        sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:33:37.0359 3784        sfhlp02        (e58bfc561f3d1d9c79b61a151c208c78) C:\WINDOWS\system32\drivers\sfhlp02.sys
18:33:37.0375 3784        sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:33:37.0375 3784        sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:33:37.0406 3784        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:33:37.0484 3784        Sfloppy - ok
18:33:37.0484 3784        sfrem01 - ok
18:33:37.0500 3784        sfsync04        (8451848f85453c24a8f91ac8d9dfa77f) C:\WINDOWS\system32\drivers\sfsync04.sys
18:33:37.0531 3784        sfsync04 ( UnsignedFile.Multi.Generic ) - warning
18:33:37.0531 3784        sfsync04 - detected UnsignedFile.Multi.Generic (1)
18:33:37.0593 3784        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
18:33:37.0734 3784        SharedAccess - ok
18:33:37.0781 3784        ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
18:33:37.0859 3784        ShellHWDetection - ok
18:33:37.0859 3784        Simbad - ok
18:33:37.0875 3784        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:33:37.0968 3784        SLIP - ok
18:33:37.0968 3784        Sparrow - ok
18:33:38.0187 3784        SPC1030        (475e98db84e481b96ea6789f34f98879) C:\WINDOWS\system32\DRIVERS\spc1030.sys
18:33:38.0484 3784        SPC1030 - ok
18:33:38.0625 3784        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:33:38.0703 3784        splitter - ok
18:33:38.0750 3784        Spooler        (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
18:33:38.0843 3784        Spooler - ok
18:33:38.0890 3784        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
18:33:38.0968 3784        sr - ok
18:33:39.0015 3784        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
18:33:39.0109 3784        srservice - ok
18:33:39.0156 3784        Srv            (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
18:33:39.0312 3784        Srv - ok
18:33:39.0359 3784        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
18:33:39.0437 3784        SSDPSRV - ok
18:33:39.0500 3784        Steam Client Service - ok
18:33:39.0546 3784        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
18:33:39.0671 3784        stisvc - ok
18:33:39.0703 3784        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:33:39.0796 3784        streamip - ok
18:33:39.0812 3784        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:33:39.0890 3784        swenum - ok
18:33:39.0906 3784        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:33:40.0000 3784        swmidi - ok
18:33:40.0000 3784        SwPrv - ok
18:33:40.0000 3784        symc810 - ok
18:33:40.0000 3784        symc8xx - ok
18:33:40.0000 3784        sym_hi - ok
18:33:40.0000 3784        sym_u3 - ok
18:33:40.0046 3784        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:33:40.0140 3784        sysaudio - ok
18:33:40.0187 3784        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
18:33:40.0296 3784        SysmonLog - ok
18:33:40.0343 3784        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
18:33:40.0421 3784        TapiSrv - ok
18:33:40.0484 3784        Tcpip          (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:33:40.0625 3784        Tcpip - ok
18:33:40.0687 3784        Tcpip6          (aa7a55536096d646dc7ab0ac5641e9e8) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
18:33:40.0781 3784        Tcpip6 - ok
18:33:40.0812 3784        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:33:40.0906 3784        TDPIPE - ok
18:33:40.0937 3784        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:33:41.0031 3784        TDTCP - ok
18:33:41.0125 3784        TeamViewer4    (f3ceb86e2dec7aaea3204117a45293e5) C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
18:33:41.0140 3784        TeamViewer4 - ok
18:33:41.0187 3784        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:33:41.0281 3784        TermDD - ok
18:33:41.0343 3784        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
18:33:41.0421 3784        TermService - ok
18:33:41.0468 3784        Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
18:33:41.0546 3784        Themes - ok
18:33:41.0562 3784        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
18:33:41.0656 3784        TlntSvr - ok
18:33:41.0656 3784        TosIde - ok
18:33:41.0703 3784        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
18:33:41.0781 3784        TrkWks - ok
18:33:41.0890 3784        TuneUp.Defrag  (c1a64414db4e49d41d9df9359ed9369b) C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
18:33:41.0953 3784        TuneUp.Defrag - ok
18:33:42.0046 3784        TuneUp.UtilitiesSvc (dc653cf2d70827c4ebc2b157da25cf57) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
18:33:42.0140 3784        TuneUp.UtilitiesSvc - ok
18:33:42.0171 3784        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
18:33:42.0171 3784        TuneUpUtilitiesDrv - ok
18:33:42.0359 3784        tunmp          (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
18:33:42.0437 3784        tunmp - ok
18:33:42.0468 3784        uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
18:33:42.0562 3784        uagp35 - ok
18:33:42.0593 3784        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:33:42.0687 3784        Udfs - ok
18:33:42.0734 3784        UI Assistant Service (0ca9e659b7053d398052776ac936b167) C:\Programme\Mobile Partner Manager\AssistantServices.exe
18:33:42.0750 3784        UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
18:33:42.0750 3784        UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
18:33:42.0750 3784        ultra - ok
18:33:42.0796 3784        UMWdf          (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
18:33:42.0859 3784        UMWdf - ok
18:33:42.0906 3784        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:33:43.0046 3784        Update - ok
18:33:43.0093 3784        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
18:33:43.0187 3784        upnphost - ok
18:33:43.0203 3784        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
18:33:43.0296 3784        UPS - ok
18:33:43.0343 3784        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:33:43.0437 3784        usbaudio - ok
18:33:43.0468 3784        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:33:43.0562 3784        usbccgp - ok
18:33:43.0593 3784        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:33:43.0687 3784        usbehci - ok
18:33:43.0734 3784        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:33:43.0828 3784        usbhub - ok
18:33:43.0859 3784        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:33:43.0953 3784        usbprint - ok
18:33:43.0968 3784        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:33:44.0046 3784        usbscan - ok
18:33:44.0078 3784        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:33:44.0171 3784        USBSTOR - ok
18:33:44.0203 3784        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:33:44.0296 3784        usbuhci - ok
18:33:44.0328 3784        UxTuneUp        (dc2172accb384c6a3d59342050422102) C:\WINDOWS\System32\uxtuneup.dll
18:33:44.0328 3784        UxTuneUp - ok
18:33:44.0359 3784        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:33:44.0437 3784        VgaSave - ok
18:33:44.0484 3784        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:33:44.0562 3784        ViaIde - ok
18:33:44.0609 3784        viamraid        (1b7b0954af54e716f697c511d68c150e) C:\WINDOWS\system32\DRIVERS\viamraid.sys
18:33:44.0656 3784        viamraid - ok
18:33:44.0687 3784        videX32        (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
18:33:44.0718 3784        videX32 - ok
18:33:44.0765 3784        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
18:33:44.0859 3784        VolSnap - ok
18:33:44.0937 3784        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
18:33:45.0062 3784        VSS - ok
18:33:45.0109 3784        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
18:33:45.0187 3784        W32Time - ok
18:33:45.0218 3784        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:33:45.0312 3784        Wanarp - ok
18:33:45.0359 3784        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:33:45.0406 3784        Wdf01000 - ok
18:33:45.0406 3784        WDICA - ok
18:33:45.0437 3784        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:33:45.0531 3784        wdmaud - ok
18:33:45.0578 3784        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
18:33:45.0671 3784        WebClient - ok
18:33:45.0750 3784        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:33:45.0843 3784        winmgmt - ok
18:33:45.0875 3784        WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
18:33:45.0921 3784        WmdmPmSN - ok
18:33:46.0000 3784        Wmi            (53e1ccf332a2f40b5e08476921cd8b44) C:\WINDOWS\System32\advapi32.dll
18:33:46.0125 3784        Wmi - ok
18:33:46.0171 3784        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:33:46.0265 3784        WmiApSrv - ok
18:33:46.0296 3784        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
18:33:46.0390 3784        wscsvc - ok
18:33:46.0421 3784        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:33:46.0515 3784        WSTCODEC - ok
18:33:46.0546 3784        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
18:33:46.0671 3784        wuauserv - ok
18:33:46.0734 3784        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
18:33:46.0859 3784        WZCSVC - ok
18:33:46.0875 3784        xfilt          (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
18:33:46.0890 3784        xfilt - ok
18:33:46.0937 3784        xmasbus        (ddd8286b88fe764ad2a8bd171e7b569a) C:\WINDOWS\system32\DRIVERS\xmasbus.sys
18:33:46.0953 3784        xmasbus ( UnsignedFile.Multi.Generic ) - warning
18:33:46.0953 3784        xmasbus - detected UnsignedFile.Multi.Generic (1)
18:33:46.0968 3784        xmasscsi        (2222677f06fb7fbe44b04316437585d2) C:\WINDOWS\system32\Drivers\xmasscsi.sys
18:33:46.0968 3784        xmasscsi ( UnsignedFile.Multi.Generic ) - warning
18:33:46.0968 3784        xmasscsi - detected UnsignedFile.Multi.Generic (1)
18:33:47.0015 3784        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
18:33:47.0250 3784        xmlprov - ok
18:33:47.0281 3784        ZTEusbmdm6k    (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
18:33:47.0328 3784        ZTEusbmdm6k - ok
18:33:47.0359 3784        ZTEusbnmea      (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
18:33:47.0375 3784        ZTEusbnmea - ok
18:33:47.0390 3784        ZTEusbser6k    (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
18:33:47.0406 3784        ZTEusbser6k - ok
18:33:47.0421 3784        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:33:47.0875 3784        \Device\Harddisk0\DR0 - ok
18:33:47.0875 3784        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:33:47.0921 3784        \Device\Harddisk1\DR1 - ok
18:33:47.0937 3784        Boot (0x1200)  (5d6777a6cd0c0dfe39327c532c59f946) \Device\Harddisk0\DR0\Partition0
18:33:47.0937 3784        \Device\Harddisk0\DR0\Partition0 - ok
18:33:47.0937 3784        Boot (0x1200)  (110db476b42d742588d829f259c849fc) \Device\Harddisk0\DR0\Partition1
18:33:47.0937 3784        \Device\Harddisk0\DR0\Partition1 - ok
18:33:47.0937 3784        Boot (0x1200)  (d5db7b400c99d049974bd0a5d93c4fe0) \Device\Harddisk1\DR1\Partition0
18:33:47.0937 3784        \Device\Harddisk1\DR1\Partition0 - ok
18:33:47.0937 3784        ============================================================
18:33:47.0937 3784        Scan finished
18:33:47.0937 3784        ============================================================
18:33:48.0031 4052        Detected object count: 16
18:33:48.0031 4052        Actual detected object count: 16
18:41:33.0843 4052        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        BIOS ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        BIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        CM1083264 ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        CM1083264 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        Ndisprot ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        Ndisprot ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        sfsync04 ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        sfsync04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        xmasbus ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        xmasbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:41:33.0843 4052        xmasscsi ( UnsignedFile.Multi.Generic ) - skipped by user
18:41:33.0843 4052        xmasscsi ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 15.06.2012 11:05

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (board helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If you have problems starting applications after running ComboFix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Misses 15.06.2012 16:17

Here is the result:

Combofix Logfile:
Code:

ComboFix 12-06-15.02 - Dracon 15.06.2012  16:47:28.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2814.2141 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Dracon\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\._Revolution_
c:\programme\driver
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\vspc1030.exe
c:\windows\XSxS
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-15 bis 2012-06-15  ))))))))))))))))))))))))))))))
.
.
2012-06-12 15:08 . 2012-06-12 15:08        770384        ----a-w-        c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-12 15:08 . 2012-06-12 15:08        421200        ----a-w-        c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-12 01:49 . 2012-06-12 01:49        --------        d-----w-        c:\programme\ESET
2012-06-11 22:11 . 2012-06-11 22:11        --------        d-----w-        c:\dokumente und einstellungen\Dracon\Anwendungsdaten\Malwarebytes
2012-06-11 22:11 . 2012-06-11 22:11        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-11 22:11 . 2012-06-11 22:11        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-06-11 22:11 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-11 21:23 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-06-11 21:22 . 2012-06-11 17:13        --------        d-----w-        C:\_OTL
2012-06-11 16:51 . 2012-06-11 16:52        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\WinZip
2012-06-05 13:40 . 2012-06-12 15:08        85472        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2012-06-04 13:37 . 2012-06-04 13:37        --------        d-----w-        c:\programme\AVS4YOU
2012-06-04 13:36 . 2012-03-23 17:58        11137024        ----a-w-        c:\windows\system32\libmfxsw32.dll
2012-06-04 13:35 . 2012-06-06 13:03        --------        d-----w-        c:\windows\SxsCaPendDel
2012-06-04 13:35 . 2012-06-04 13:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVS4YOU
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 15:21 . 2012-04-06 12:28        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:21 . 2011-05-17 19:17        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 15:08 . 2012-06-05 13:40        85472        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2009-05-01 270128]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"UnHackMe Monitor"="c:\programme\UnHackMe\hackmon.exe" [2010-11-11 594200]
"Steam"="g:\steam\steam.exe" [2011-12-25 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"UIExec"="c:\programme\Mobile Partner Manager\UIExec.exe" [2010-01-13 133120]
"Launch LCore"="c:\programme\Logitech Gaming Software\LCore.exe" [2010-11-16 94280]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-20 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-20 13881960]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-12-30 1753192]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Dracon\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
WinZip Quick Pick.lnk - c:\programme\WinZip\WZQKPICK32.EXE [2012-4-27 603536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0Partizan\0
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
"MsnMsgr"="c:\programme\Windows Live\Messenger\MsnMsgr.Exe" /background
"CurseClient"=c:\programme\Curse\CurseClient.exe -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"g:\\World of Warcraft Public Test\\Launcher.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"g:\\World of Warcraft Public Test\\BackgroundDownloader.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"g:\\freespace\\FS.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"g:\\Steam\\Steam.exe"=
"g:\\Portal 2\\portal2.exe"=
"g:\\Steam\\SteamApps\\common\\star trek online\\Star Trek Online.exe"=
"g:\\Steam\\SteamApps\\common\\forsaken world\\patcher.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Dokumente und Einstellungen\\Dracon\\Eigene Dateien\\Downloads\\Diablo-III-8370-deDE-Installer-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Diablo 3\\Diablo III\\Diablo III.exe"=
"g:\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Battle.net\\Agent\\Agent.976\\Agent.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Battle.net\\Agent\\Agent.998\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [09.12.2010 21:08 35816]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [12.03.2008 19:02 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [12.03.2008 19:02 5504]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [20.02.2008 17:01 13696]
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [16.07.2010 16:02 21504]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [24.08.2009 21:39 108289]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [12.06.2012 00:11 654408]
R2 TeamViewer4;TeamViewer 4;c:\programme\TeamViewer\Version4\TeamViewer_Service.exe [06.05.2009 11:11 185640]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [21.11.2011 16:11 1052480]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [08.06.2011 23:19 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [08.06.2011 23:19 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.06.2012 00:11 22344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [30.06.2011 20:15 100456]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 08:24 10064]
S2 UI Assistant Service;UI Assistant Service;c:\programme\Mobile Partner Manager\AssistantServices.exe [16.07.2010 16:02 247296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06.04.2012 14:28 257696]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [28.05.2009 21:11 1294336]
S3 HCW77BDA;Hauppauge Nova-T Stick DVB-T Tuner;c:\windows\system32\drivers\hcw70bda.sys [30.12.2008 13:37 118850]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.07.2010 16:02 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [04.05.2012 15:17 113120]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [02.07.2009 21:15 88704]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [12.04.2010 17:08 24416]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [01.05.2007 16:08 132232]
S3 SPC1030;USB2.0 PC Camera (SPC1030);c:\windows\system32\drivers\spc1030.sys [02.07.2009 21:00 3035776]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - UnHackMeDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:21]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1965331169-839522115-1003Core.job
- c:\dokumente und einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-02-26 18:21]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1965331169-839522115-1003UA.job
- c:\dokumente und einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-02-26 18:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: Interfaces\{36E3588F-5753-4F02-8708-5A2776757953}: NameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Dracon\Anwendungsdaten\Mozilla\Firefox\Profiles\wrwezuke.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://navigator.web.de/navigator/show?sid=88da678de4c54db45ee56a8133139dedaf088842574fc6326bc2b80f0b94acd57b378ac5fc2917b5ca9796b1eb4561b6#home|https://return2.space/index.php|hxxp://www.meinvz.net/Default|hxxp://www.facebook.com/home.php
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-B47AB9C5 - c:\windows\system32\694A625BB47AB9C56908.exe
HKLM-Run-spc1030 - c:\windows\vspc1030.exe
HKU-Default-RunOnce-IETI - c:\programme\Skype\Phone\IEPlugin\unins000.exe
AddRemove-FreeSpace - c:\windows\ISUN0407.EXE
AddRemove-Postal 2_is1 - h:\portal 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-15 16:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-1965331169-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5c,df,fd,d5,1b,9b,41,66,7a,32,d6,0a,8d,2b,81,d9,bc,a4,06,0f,b2,c8,97,
  4f,96,77,a8,7f,ef,42,8c,27,b3,82,82,26,81,7c,9f,ec,5e,bc,26,91,87,9f,60,de,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
Zeit der Fertigstellung: 2012-06-15  16:54:24
ComboFix-quarantined-files.txt  2012-06-15 14:54
.
Vor Suchlauf: 999.473.152 Bytes frei
Nach Suchlauf: 920.219.648 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"
.
- - End Of File - - 194C005CCE5A59815FC21ADF4EA22E9E

--- --- ---


Have I actually told you yet how grateful I am for your help?
If not, then I'm saying it now.
Thank you so very much for your help!

cosinus 15.06.2012 17:21

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM - please skip the online query performed by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being told to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Misses 16.06.2012 18:33

Here is GMER

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-16 19:30:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75DKA0 rev.77.07W77
Running: urpni052.exe; Driver: C:\DOKUME~1\Dracon\LOKALE~1\Temp\fxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT            B8741B56                                                                                                                                                                                                                                  ZwCreateKey
SSDT            B8741B4C                                                                                                                                                                                                                                  ZwCreateThread
SSDT            B8741B5B                                                                                                                                                                                                                                  ZwDeleteKey
SSDT            B8741B65                                                                                                                                                                                                                                  ZwDeleteValueKey
SSDT            B8741B6A                                                                                                                                                                                                                                  ZwLoadKey
SSDT            B8741B38                                                                                                                                                                                                                                  ZwOpenProcess
SSDT            B8741B3D                                                                                                                                                                                                                                  ZwOpenThread
SSDT            B8741B74                                                                                                                                                                                                                                  ZwReplaceKey
SSDT            B8741B6F                                                                                                                                                                                                                                  ZwRestoreKey
SSDT            B8741B60                                                                                                                                                                                                                                  ZwSetValueKey
SSDT            B8741B47                                                                                                                                                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.xreloc        C:\WINDOWS\system32\drivers\sfsync04.sys                                                                                                                                                                                                  unknown last section [0xB7F43000, 0xC0A, 0x40000040]
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                                                                                                  section is writeable [0xB6C683A0, 0x5FD612, 0xE8000020]
.text          C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                                                                                                                                    section is writeable [0xB2F22300, 0x3ACC8, 0xE8000020]
.text          C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                                                                                                                                    section is writeable [0xB83A0300, 0x1B7E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                    8B4207CC
Device          \FileSystem\Fastfat \FatCdrom                                                                                                                                                                                                            8B039474
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                                                                                                              8AFCA0C8
Device          \FileSystem\Rdbss \Device\FsWrap                                                                                                                                                                                                          8B0022BC
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                                                                                                              8B447E10
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                                                        8B447E10
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                                                        8B447E10
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e                                                                                                                                                                                              8B447E10
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                                                                                                              8AFCA0C8
Device          \FileSystem\Srv \Device\LanmanServer                                                                                                                                                                                                      8AC73CF4
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                                                                                                        8B0B26DC
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                                                                                                              8B0B26DC
Device          \FileSystem\Npfs \Device\NamedPipe                                                                                                                                                                                                        8B014784
Device          \FileSystem\Msfs \Device\Mailslot                                                                                                                                                                                                        8ACF34AC
Device          \Driver\viamraid \Device\Scsi\viamraid1Port3Path0Target4Lun0                                                                                                                                                                              8AEFBB18
Device          \Driver\xmasscsi \Device\Scsi\xmasscsi1                                                                                                                                                                                                  8B1190C8
Device          \Driver\viamraid \Device\Scsi\viamraid1                                                                                                                                                                                                  8AEFBB18
Device          \Driver\xmasscsi \Device\Scsi\xmasscsi1Port2Path0Target0Lun0                                                                                                                                                                              8B1190C8
Device          \FileSystem\Fastfat \Fat                                                                                                                                                                                                                  8B039474

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                                                                                                                                                        8AC287C4
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                                                                                                                                                        8AC287C4
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                                                                                                                                            8AC287C4
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                                                                                                                                                          8AC287C4
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                                                                                                                                                        8AC287C4
Device          \FileSystem\Cdfs \Cdfs                                                                                                                                                                                                                    8AD82B54
---- Processes - GMER 1.0.15 ----

Library        C:\Dokumente (*** hidden *** ) @ C:\Dokumente [2760]                                                                                                                                                                                      0x00400000                                                             

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team.manifest        588 bytes
File            C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team@1.0.0..manifest  588 bytes
File            C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team.manifest        588 bytes
File            C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team@1.9.7..manifest  588 bytes
File            C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team.manifest        588 bytes
File            C:\Dokumente und Einstellungen\Dracon\Lokale Einstellungen\Anwendungsdaten\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team@1.9.9..manifest  588 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

With OSAM, however, the Online Malware Scanner reports "Waiting for server analyse request." FAILED

cosinus 17.06.2012 21:09

Quote:

With OSAM, however, the Online Malware Scanner reports "Waiting for server analyse request." FAILED
You should also read my notes, because that is exactly the query you were supposed to skip in OSAM!


All times are in GMT +1. It is now 00:09.

Copyright ©2000-2025, Trojaner-Board
