Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Schwarzer Desktop, Icons versteckt, "delayed write failed..." (https://www.trojaner-board.de/105152-schwarzer-desktop-icons-versteckt-delayed-write-failed.html)

sid77 16.11.2011 21:29
Schwarzer Desktop, Icons versteckt, "delayed write failed..."
 
Wie bei vielen anderen hat der Schädling auch meine Platte mit seiner Anwesenheit beglückt. Was genau macht der Virus/Trojaner/wasauchimmer gerade mit meinem System? Muss ich das Sytem neu aufsetzen? Wäre super wenn mir jemand helfen könnte :)

Hier die LogFiles
Zitat:
OTL logfile created on: 16.11.2011 21:08:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 261,03 Mb Available Physical Memory | 51,03% Memory free
2,47 Gb Paging File | 2,18 Gb Available in Paging File | 88,13% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 90,45 Gb Total Space | 26,55 Gb Free Space | 29,35% Space Free | Partition Type: FAT32
Drive D: | 90,94 Gb Total Space | 77,15 Gb Free Space | 84,84% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,25 Gb Free Space | 97,22% Space Free | Partition Type: FAT32

Computer Name: ACER-59DE6FF88D | User Name: CSCH1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MA_CMIDI_InstallerService) -- C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NvnUsbAudio) -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BCMIDI) -- C:\WINDOWS\system32\drivers\bcmidi2.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (BCR2000) B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1) -- C:\WINDOWS\system32\drivers\bcr2000.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wer-kennt-wen.de/start
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sequencer.de/synthesizer/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.07.02 19:52:38 | 000,000,000 | ---D | M]

[2008.07.02 19:52:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Extensions
[2006.07.18 12:47:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions
[2010.04.27 17:33:20 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.04 14:03:26 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.11.11 16:56:10 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.26 14:24:04 | 000,000,000 | -H-D | M] (PitchDark) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.30 20:02:52 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\moveplayer@movenetworks.com
[2009.07.15 17:57:48 | 000,000,687 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\searchplugins\icq-search.xml
[2009.07.15 17:58:08 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\searchplugins\icqplugin.xml
[2008.07.02 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.30 20:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\CSCH1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JOA8O0HR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\CSCH1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JOA8O0HR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 21:23:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.01 22:14:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 18:44:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2011.10.05 18:44:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 18:44:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 18:44:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 18:44:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 18:44:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.02 16:54:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006.06.22 10:03:46 | 000,000,100 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{81801140-fe44-11e0-872f-0016ec1a3802}\Shell - "" = AutoRun
O33 - MountPoints2\{81801140-fe44-11e0-872f-0016ec1a3802}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81801140-fe44-11e0-872f-0016ec1a3802}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\{97e9e4d3-82d3-11db-be04-001150b13bc9}\Shell - "" = AutoRun
O33 - MountPoints2\{97e9e4d3-82d3-11db-be04-001150b13bc9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97e9e4d3-82d3-11db-be04-001150b13bc9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\{e7a9c166-e9a8-11df-857a-0016ec1a3802}\Shell\AutoRun\command - "" = F:\TranscendService(JF).exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.16 20:25:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\CSCH1\Recent
[2011.11.16 20:21:04 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011.11.16 19:56:34 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011.11.16 18:33:04 | 000,491,520 | -H-- | C] (Rcvr Inc) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IoWwDnqsYPU.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.16 20:39:52 | 000,000,684 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.16 20:39:44 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.16 20:38:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.16 20:38:30 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.16 20:37:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.16 18:28:50 | 000,491,520 | -H-- | M] (Rcvr Inc) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IoWwDnqsYPU.exe
[2011.11.16 15:30:44 | 000,001,324 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011.11.10 18:59:40 | 239,534,758 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\audlab1-8.zip
[2011.11.10 18:43:24 | 036,756,734 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\Cutout-BipolarEP-Audlab8-MP3-Promo.zip
[2011.11.10 18:43:10 | 034,033,893 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\S-Tek-RoteErdeEP-Audlab9-MP3-Promo.zip
[2011.11.10 17:49:10 | 000,236,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.06 11:45:26 | 002,915,824 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\anleitung_sound_windowsxp.pdf
[2011.11.05 20:49:30 | 002,026,713 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\09-patch_panel_pg-2010-d.pdf
[2011.11.05 18:05:34 | 000,653,279 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\PX2000_GER_Rev_D.pdf
[2011.11.02 13:47:12 | 000,006,654 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\.recently-used.xbel
[2011.10.30 08:20:00 | 000,235,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.16 20:38:29 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.16 20:08:26 | 000,000,684 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.10 18:36:24 | 239,534,758 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\audlab1-8.zip
[2011.11.10 18:36:05 | 034,033,893 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\S-Tek-RoteErdeEP-Audlab9-MP3-Promo.zip
[2011.11.10 18:35:51 | 036,756,734 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\Cutout-BipolarEP-Audlab8-MP3-Promo.zip
[2011.11.06 11:45:25 | 002,915,824 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\anleitung_sound_windowsxp.pdf
[2011.11.05 20:49:26 | 002,026,713 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\09-patch_panel_pg-2010-d.pdf
[2011.11.05 18:05:33 | 000,653,279 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\PX2000_GER_Rev_D.pdf
[2011.11.02 13:47:11 | 000,006,654 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\.recently-used.xbel
[2011.08.18 15:42:28 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\InstFunc.exe
[2010.11.05 18:31:28 | 000,082,289 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.09.22 12:34:51 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.03 10:23:10 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010.04.07 19:05:53 | 000,010,660 | -H-- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009.12.22 20:33:55 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.07 01:46:36 | 000,025,752 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.08.06 15:32:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.29 13:49:57 | 000,001,725 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\MStereoExpanderpresets.xml
[2008.11.22 11:53:53 | 000,002,892 | -H-- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008.11.22 11:53:41 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\Synsopos.exe
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibytr.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibsfh.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibrty.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibpop.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\ssliblww.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\solejttd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slibdd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slhpt.dll
[2008.05.05 14:39:49 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.05.05 14:39:49 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008.01.20 13:34:12 | 000,000,522 | -H-- | C] () -- C:\WINDOWS\AN1xEdit.INI
[2007.12.12 19:54:43 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A4W.INI
[2007.12.12 19:54:13 | 000,001,279 | -H-- | C] () -- C:\WINDOWS\pstudio.ini
[2007.12.12 19:54:13 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\album.ini
[2007.11.25 15:17:30 | 000,000,697 | -H-- | C] () -- C:\WINDOWS\Sam9_D.INI
[2007.11.25 15:07:03 | 000,120,200 | -H-- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007.11.25 15:06:17 | 000,006,768 | -H-- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.11.19 20:15:27 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.05.19 14:23:12 | 000,000,342 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.05.19 14:23:12 | 000,000,073 | -H-- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.05.18 17:38:30 | 000,000,167 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.19 14:12:07 | 000,000,187 | -H-- | C] () -- C:\WINDOWS\OPHC.INI
[2006.09.12 09:42:28 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\Missing.ini
[2006.08.04 13:10:22 | 000,000,253 | -H-- | C] () -- C:\WINDOWS\tm.ini
[2006.08.01 16:18:53 | 000,000,409 | -H-- | C] () -- C:\WINDOWS\cmbtll.ini
[2006.08.01 16:18:53 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\cmbtctl.ini
[2006.08.01 16:18:43 | 000,000,124 | -H-- | C] () -- C:\WINDOWS\combit.ini
[2006.08.01 16:18:43 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\VISKARTE.INI
[2006.07.18 12:47:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006.07.18 12:47:34 | 000,003,020 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006.07.11 09:11:48 | 000,236,032 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.07.05 17:40:08 | 000,000,914 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.28 11:19:56 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006.06.27 13:11:59 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\Relax.ini
[2006.06.26 16:47:12 | 000,000,155 | -H-- | C] () -- C:\WINDOWS\imagewiz.ini
[2006.06.22 11:24:01 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2006.06.01 12:38:02 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.01 12:04:53 | 000,005,038 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\wklnhst.dat
[2006.06.01 11:46:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006.05.17 22:28:14 | 000,016,031 | -H-- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006.01.05 20:23:29 | 000,104,373 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.11.02 17:40:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.11.02 17:40:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.02 17:25:14 | 000,235,960 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.02 17:00:04 | 000,464,256 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.11.02 17:00:04 | 000,445,792 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.11.02 17:00:04 | 000,086,638 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.11.02 17:00:04 | 000,072,998 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.11.02 16:54:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.11.02 16:41:20 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.11.02 16:40:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.10.19 16:12:06 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
[2005.07.15 09:48:00 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.07.13 03:05:38 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005.07.12 14:44:42 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005.02.03 11:11:40 | 000,008,073 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.09.07 07:23:00 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004.08.04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 05:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 05:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 05:00:00 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.03.23 16:38:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003.11.26 16:10:18 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003.11.26 16:10:12 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003.03.14 12:24:00 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003.02.20 17:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.18 00:45:00 | 000,119,808 | -H-- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002.05.24 17:34:46 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 16:12:30 | 000,065,536 | RH-- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 17:04:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 17:02:42 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 16:33:56 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000.08.22 23:58:54 | 000,058,928 | -H-- | C] () -- C:\WINDOWS\System32\crnsnmp.dll

< End of report >
Zitat:
OTL Extras logfile created on: 16.11.2011 21:08:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 261,03 Mb Available Physical Memory | 51,03% Memory free
2,47 Gb Paging File | 2,18 Gb Available in Paging File | 88,13% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 90,45 Gb Total Space | 26,55 Gb Free Space | 29,35% Space Free | Partition Type: FAT32
Drive D: | 90,94 Gb Total Space | 77,15 Gb Free Space | 84,84% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,25 Gb Free Space | 97,22% Space Free | Partition Type: FAT32

Computer Name: ACER-59DE6FF88D | User Name: CSCH1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Steinberg\WaveLab Lite\WaveLab Lite.exe" = C:\Programme\Steinberg\WaveLab Lite\WaveLab Lite.exe:*:Enabled:WaveLab Lite -- (Steinberg Media Technologies)
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\MAGIX\Samplitude_SE_No9\Sam9_D.exe" = C:\Programme\MAGIX\Samplitude_SE_No9\Sam9_D.exe:*:Enabled:Samplitude
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"E:\EasySetupAssistant\wr841n\EasySetupAssistant.exe" = E:\EasySetupAssistant\wr841n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{060D5B35-5C21-406A-9EAD-370999618F86}" = KORG Legacy Collection VST
"{18D03DE2-D142-4A6C-B346-2FA7C8D76A57}" = BassStation
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = MA_CMIDI
"{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D729200-F340-4A74-A1E9-32387CDC63EF}" = OKI Colour Correct Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7EC0699-D82C-4451-B701-C98C330D43AF}" = hp deskjet 3500
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB091860-8C2B-4E49-A543-666373C39E6F}" = microKORG SoundEditor
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Acoustica_is1" = Acoustica 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"eLicenser Control" = eLicenser Control
"Eraser" = Eraser
"Euro-Rechnungsdruckerei" = Euro-Rechnungsdruckerei
"FileZilla Client" = FileZilla Client 3.2.0
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"FL Studio 9" = FL Studio 9
"FLV Player" = FLV Player 2.0 (build 25)
"FreeAlpha 3" = FreeAlpha 3
"FreePDF_XP" = FreePDF XP (Remove only)
"Genesis Vst" = Genesis Vst
"Glitch One MB VSTi V1.0b_is1" = Glitch One MB VSTi Version 1.0b
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"iZotope Vinyl_is1" = iZotope Vinyl
"KEYS Alpha" = KEYS Alpha
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MeldaProduction MStereoExpander" = MeldaProduction MStereoExpander
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"PDF Reader 2" = PDF Reader 2
"PoiZone" = PoiZone
"Prophet '08 Sound Editor_is1" = Prophet '08 Sound Editor Ver. 2.0.1a
"RADVideo" = RAD Video Tools
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rock V1.06_is1" = Rock
"Sawer" = Sawer
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"StormGate1 1.0c_is1" = StormGate1 1.0c
"Synth1" = Synth1
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WaveLabLite" = WaveLab Lite
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WWAYM - NWBass V1.1" = WWAYM - NWBass V1.1
"WWAYM - NWEQ V1.21" = WWAYM - NWEQ V1.21

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.06.2011 09:34:14 | Computer Name = ACER-59DE6FF88D | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 03.08.2011 11:09:02 | Computer Name = ACER-59DE6FF88D | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .

Error - 03.08.2011 11:09:02 | Computer Name = ACER-59DE6FF88D | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .

Error - 05.08.2011 12:22:37 | Computer Name = ACER-59DE6FF88D | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 07.09.2011 21:17:50 | Computer Name = ACER-59DE6FF88D | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .

Error - 13.10.2011 21:01:28 | Computer Name = ACER-59DE6FF88D | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{EFCE7BE0-510E-4932-9475-F44CD90DE16A}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2572067-X86\NDP1.1sp1-KB2572067-X86-msi.0.log
enthalten.

Error - 13.10.2011 21:01:29 | Computer Name = ACER-59DE6FF88D | Source = NativeWrapper | ID = 5000
Description =

Error - 17.10.2011 13:35:08 | Computer Name = ACER-59DE6FF88D | Source = ESENT | ID = 490
Description = svchost (888) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 25.10.2011 05:44:31 | Computer Name = ACER-59DE6FF88D | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 0.8.6.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 25.10.2011 05:44:32 | Computer Name = ACER-59DE6FF88D | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 0.8.6.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 16.11.2011 15:07:33 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService.

Error - 16.11.2011 15:30:16 | Computer Name = ACER-59DE6FF88D | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 16.11.2011 15:30:28 | Computer Name = ACER-59DE6FF88D | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 16.11.2011 15:37:56 | Computer Name = ACER-59DE6FF88D | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16.11.2011 15:53:13 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.


< End of report >
Besten Dank im Voraus

cosinus 17.11.2011 11:21
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


sid77 17.11.2011 17:36
hier die logs:

MWB
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8183

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

17.11.2011 16:12:40
mbam-log-2011-11-17 (16-12-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173244
Laufzeit: 1 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\iowwdnqsypu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
ESET
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=21d1aa7495520b4d87acc338c75f4377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 04:32:45
# local_time=2011-11-17 05:32:45 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775126 100 100 520482 97055742 86521 0
# compatibility_mode=8192 67108863 100 0 3874 3874 0 0
# scanned=160206
# found=2
# cleaned=0
# scan_time=3533
C:\Programme\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6A64D557-BC92-46F9-A643-A8B63C17348B}\RP1499\A0202559.exe Win32/TrojanDownloader.Prodatect.BK trojan (unable to clean) 00000000000000000000000000000000 I
danke & gruß

cosinus 17.11.2011 20:11
Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

sid77 17.11.2011 20:55
Sry, war das falsche. Hier der Vollscan

Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8183

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

17.11.2011 18:04:33
mbam-log-2011-11-17 (18-04-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 328437
Laufzeit: 19 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{6a64d557-bc92-46f9-a643-a8b63c17348b}\RP1499\A0202559.exe (Trojan.FakeAlert) -> No action taken.

cosinus 17.11.2011 21:18
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

sid77 17.11.2011 22:10
Hier der OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 17.11.2011 22:00:07 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 358,72 Mb Available Physical Memory | 70,13% Memory free
2,47 Gb Paging File | 2,38 Gb Available in Paging File | 96,24% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 90,45 Gb Total Space | 27,02 Gb Free Space | 29,87% Space Free | Partition Type: FAT32
Drive D: | 90,94 Gb Total Space | 77,15 Gb Free Space | 84,84% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,24 Gb Free Space | 97,10% Space Free | Partition Type: FAT32
 
Computer Name: ACER-59DE6FF88D | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MA_CMIDI_InstallerService) -- C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NvnUsbAudio) -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BCMIDI) -- C:\WINDOWS\system32\drivers\bcmidi2.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (BCR2000) B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1) -- C:\WINDOWS\system32\drivers\bcr2000.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Acer.com Worldwide - Select your local country or region
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
 
[2011.11.17 16:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2008.07.02 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.30 20:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.11 21:23:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.01 22:14:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 18:44:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2011.10.05 18:44:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 18:44:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 18:44:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 18:44:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 18:44:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{118ED3F5-82A9-46D3-9F95-B90632F6892E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.02 16:54:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006.06.22 10:03:46 | 000,000,100 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^CSCH1^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk - C:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Programme\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: midi1 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: midi2 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.17 21:59:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.17 16:29:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.11.17 16:26:06 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.11.17 16:26:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2011.11.17 16:24:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2011.11.17 16:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.11.17 16:03:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.17 16:03:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.17 16:03:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.17 16:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.17 16:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.11.17 16:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.11.16 20:21:04 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011.11.16 19:56:34 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011.11.16 19:08:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.11.16 19:08:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.11.16 19:02:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.11.16 19:02:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
[2011.11.16 19:02:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.11.16 19:02:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.17 20:51:40 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.17 20:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.17 16:26:16 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.11.17 16:03:40 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.17 15:30:08 | 000,000,684 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.16 20:37:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.16 20:02:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.16 15:30:44 | 000,001,324 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011.10.30 08:20:00 | 000,235,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.17 16:03:38 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 20:08:26 | 000,000,684 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.16 19:02:57 | 000,001,507 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
[2011.11.16 19:02:57 | 000,000,655 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk
[2011.11.16 19:02:57 | 000,000,626 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Outlook Express.lnk
[2011.08.18 15:42:28 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\InstFunc.exe
[2010.11.05 18:31:28 | 000,082,289 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.09.22 12:34:51 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.03 10:23:10 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010.04.07 19:05:53 | 000,010,660 | -H-- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009.12.22 20:33:55 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.07 01:46:36 | 000,025,752 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.08.06 15:32:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.22 11:53:53 | 000,002,892 | -H-- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008.11.22 11:53:41 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\Synsopos.exe
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibytr.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibsfh.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibrty.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibpop.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\ssliblww.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\solejttd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slibdd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slhpt.dll
[2008.05.05 14:39:49 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.05.05 14:39:49 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008.01.20 13:34:12 | 000,000,522 | -H-- | C] () -- C:\WINDOWS\AN1xEdit.INI
[2007.12.12 19:54:43 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A4W.INI
[2007.12.12 19:54:13 | 000,001,279 | -H-- | C] () -- C:\WINDOWS\pstudio.ini
[2007.12.12 19:54:13 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\album.ini
[2007.11.25 15:17:30 | 000,000,697 | -H-- | C] () -- C:\WINDOWS\Sam9_D.INI
[2007.11.25 15:07:03 | 000,120,200 | -H-- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007.11.25 15:06:17 | 000,006,768 | -H-- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.11.19 20:15:27 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.05.19 14:23:12 | 000,000,342 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.05.19 14:23:12 | 000,000,073 | -H-- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.05.18 17:38:30 | 000,000,167 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.19 14:12:07 | 000,000,187 | -H-- | C] () -- C:\WINDOWS\OPHC.INI
[2006.09.12 09:42:28 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\Missing.ini
[2006.08.04 13:10:22 | 000,000,253 | -H-- | C] () -- C:\WINDOWS\tm.ini
[2006.08.01 16:18:53 | 000,000,409 | -H-- | C] () -- C:\WINDOWS\cmbtll.ini
[2006.08.01 16:18:53 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\cmbtctl.ini
[2006.08.01 16:18:43 | 000,000,124 | -H-- | C] () -- C:\WINDOWS\combit.ini
[2006.08.01 16:18:43 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\VISKARTE.INI
[2006.07.18 12:47:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006.07.18 12:47:34 | 000,003,020 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006.07.05 17:40:08 | 000,000,914 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.28 11:19:56 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006.06.27 13:11:59 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\Relax.ini
[2006.06.26 16:47:12 | 000,000,155 | -H-- | C] () -- C:\WINDOWS\imagewiz.ini
[2006.06.22 11:24:01 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2006.06.01 12:38:02 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.01 11:46:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006.05.17 22:28:14 | 000,016,031 | -H-- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006.01.05 20:23:29 | 000,104,373 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.11.02 17:40:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.11.02 17:40:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.02 17:25:14 | 000,235,960 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.02 17:00:04 | 000,464,256 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.11.02 17:00:04 | 000,445,792 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.11.02 17:00:04 | 000,086,638 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.11.02 17:00:04 | 000,072,998 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.11.02 16:54:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.11.02 16:41:20 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.11.02 16:40:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.10.19 16:12:06 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
[2005.07.15 09:48:00 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.07.13 03:05:38 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005.07.12 14:44:42 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005.02.03 11:11:40 | 000,008,073 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.09.07 07:23:00 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004.08.04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 05:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 05:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 05:00:00 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.03.23 16:38:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003.11.26 16:10:18 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003.11.26 16:10:12 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003.03.14 12:24:00 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003.02.20 17:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.18 00:45:00 | 000,119,808 | -H-- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002.05.24 17:34:46 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 16:12:30 | 000,065,536 | RH-- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 17:04:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 17:02:42 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 16:33:56 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000.08.22 23:58:54 | 000,058,928 | -H-- | C] () -- C:\WINDOWS\System32\crnsnmp.dll
 
========== LOP Check ==========
 
[2008.02.06 10:35:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2008.07.01 21:56:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.09.19 21:46:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2008.11.22 11:53:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft
[2009.03.20 18:28:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AraldFX
[2009.12.22 20:34:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.06.03 10:23:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser
[2010.12.05 08:47:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2005.11.02 16:48:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2005.11.02 16:56:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
[2005.11.02 16:35:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.11.16 19:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.11.17 16:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.11.17 16:03:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.11.17 16:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386_backup\sp2.cab:AGP440.sys
[2008.08.18 20:28:20 | 023,898,261 | ---- | M] () .cab file -- C:\i386_backup\sp3.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.18 20:28:20 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386_backup\sp2.cab:atapi.sys
[2008.08.18 20:28:20 | 023,898,261 | ---- | M] () .cab file -- C:\i386_backup\sp3.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.18 20:28:20 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.11.02 16:35:10 | 000,425,984 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav
[2005.11.02 16:35:10 | 000,638,976 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.11.02 16:35:10 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >
--- --- ---

sid77 17.11.2011 22:12
Hier der OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 17.11.2011 22:00:07 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 358,72 Mb Available Physical Memory | 70,13% Memory free
2,47 Gb Paging File | 2,38 Gb Available in Paging File | 96,24% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 90,45 Gb Total Space | 27,02 Gb Free Space | 29,87% Space Free | Partition Type: FAT32
Drive D: | 90,94 Gb Total Space | 77,15 Gb Free Space | 84,84% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,24 Gb Free Space | 97,10% Space Free | Partition Type: FAT32
 
Computer Name: ACER-59DE6FF88D | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MA_CMIDI_InstallerService) -- C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NvnUsbAudio) -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BCMIDI) -- C:\WINDOWS\system32\drivers\bcmidi2.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (BCR2000) B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1) -- C:\WINDOWS\system32\drivers\bcr2000.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Acer.com Worldwide - Select your local country or region
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
 
[2011.11.17 16:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2008.07.02 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.30 20:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.11 21:23:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.01 22:14:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 18:44:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2011.10.05 18:44:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 18:44:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 18:44:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 18:44:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 18:44:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{118ED3F5-82A9-46D3-9F95-B90632F6892E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.02 16:54:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006.06.22 10:03:46 | 000,000,100 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^CSCH1^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk - C:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Programme\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: midi1 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: midi2 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.17 21:59:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.17 16:29:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.11.17 16:26:06 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.11.17 16:26:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2011.11.17 16:24:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2011.11.17 16:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.11.17 16:03:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.17 16:03:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.17 16:03:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.17 16:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.17 16:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.11.17 16:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.11.16 20:21:04 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011.11.16 19:56:34 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011.11.16 19:08:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.11.16 19:08:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.11.16 19:02:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.11.16 19:02:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
[2011.11.16 19:02:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.11.16 19:02:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.17 20:51:40 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.17 20:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.17 16:26:16 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.11.17 16:03:40 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.17 15:30:08 | 000,000,684 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.16 20:37:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.16 20:02:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.16 15:30:44 | 000,001,324 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011.10.30 08:20:00 | 000,235,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.17 16:03:38 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 20:08:26 | 000,000,684 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.16 19:02:57 | 000,001,507 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
[2011.11.16 19:02:57 | 000,000,655 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk
[2011.11.16 19:02:57 | 000,000,626 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Outlook Express.lnk
[2011.08.18 15:42:28 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\InstFunc.exe
[2010.11.05 18:31:28 | 000,082,289 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.09.22 12:34:51 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.03 10:23:10 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010.04.07 19:05:53 | 000,010,660 | -H-- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009.12.22 20:33:55 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.07 01:46:36 | 000,025,752 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.08.06 15:32:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.22 11:53:53 | 000,002,892 | -H-- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008.11.22 11:53:41 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\Synsopos.exe
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibytr.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibsfh.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibrty.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibpop.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\ssliblww.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\solejttd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slibdd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slhpt.dll
[2008.05.05 14:39:49 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.05.05 14:39:49 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008.01.20 13:34:12 | 000,000,522 | -H-- | C] () -- C:\WINDOWS\AN1xEdit.INI
[2007.12.12 19:54:43 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A4W.INI
[2007.12.12 19:54:13 | 000,001,279 | -H-- | C] () -- C:\WINDOWS\pstudio.ini
[2007.12.12 19:54:13 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\album.ini
[2007.11.25 15:17:30 | 000,000,697 | -H-- | C] () -- C:\WINDOWS\Sam9_D.INI
[2007.11.25 15:07:03 | 000,120,200 | -H-- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007.11.25 15:06:17 | 000,006,768 | -H-- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.11.19 20:15:27 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.05.19 14:23:12 | 000,000,342 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.05.19 14:23:12 | 000,000,073 | -H-- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.05.18 17:38:30 | 000,000,167 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.19 14:12:07 | 000,000,187 | -H-- | C] () -- C:\WINDOWS\OPHC.INI
[2006.09.12 09:42:28 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\Missing.ini
[2006.08.04 13:10:22 | 000,000,253 | -H-- | C] () -- C:\WINDOWS\tm.ini
[2006.08.01 16:18:53 | 000,000,409 | -H-- | C] () -- C:\WINDOWS\cmbtll.ini
[2006.08.01 16:18:53 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\cmbtctl.ini
[2006.08.01 16:18:43 | 000,000,124 | -H-- | C] () -- C:\WINDOWS\combit.ini
[2006.08.01 16:18:43 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\VISKARTE.INI
[2006.07.18 12:47:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006.07.18 12:47:34 | 000,003,020 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006.07.05 17:40:08 | 000,000,914 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.28 11:19:56 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006.06.27 13:11:59 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\Relax.ini
[2006.06.26 16:47:12 | 000,000,155 | -H-- | C] () -- C:\WINDOWS\imagewiz.ini
[2006.06.22 11:24:01 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2006.06.01 12:38:02 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.01 11:46:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006.05.17 22:28:14 | 000,016,031 | -H-- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006.01.05 20:23:29 | 000,104,373 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.11.02 17:40:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.11.02 17:40:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.02 17:25:14 | 000,235,960 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.02 17:00:04 | 000,464,256 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.11.02 17:00:04 | 000,445,792 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.11.02 17:00:04 | 000,086,638 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.11.02 17:00:04 | 000,072,998 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.11.02 16:54:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.11.02 16:41:20 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.11.02 16:40:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.10.19 16:12:06 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
[2005.07.15 09:48:00 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.07.13 03:05:38 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005.07.12 14:44:42 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005.02.03 11:11:40 | 000,008,073 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.09.07 07:23:00 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004.08.04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 05:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 05:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 05:00:00 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.03.23 16:38:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003.11.26 16:10:18 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003.11.26 16:10:12 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003.03.14 12:24:00 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003.02.20 17:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.18 00:45:00 | 000,119,808 | -H-- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002.05.24 17:34:46 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 16:12:30 | 000,065,536 | RH-- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 17:04:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 17:02:42 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 16:33:56 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000.08.22 23:58:54 | 000,058,928 | -H-- | C] () -- C:\WINDOWS\System32\crnsnmp.dll
 
========== LOP Check ==========
 
[2008.02.06 10:35:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2008.07.01 21:56:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2008.09.19 21:46:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2008.11.22 11:53:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft
[2009.03.20 18:28:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AraldFX
[2009.12.22 20:34:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.06.03 10:23:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser
[2010.12.05 08:47:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2005.11.02 16:48:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2005.11.02 16:56:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
[2005.11.02 16:35:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.11.16 19:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.11.17 16:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.11.17 16:03:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.11.17 16:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386_backup\sp2.cab:AGP440.sys
[2008.08.18 20:28:20 | 023,898,261 | ---- | M] () .cab file -- C:\i386_backup\sp3.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.18 20:28:20 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386_backup\sp2.cab:atapi.sys
[2008.08.18 20:28:20 | 023,898,261 | ---- | M] () .cab file -- C:\i386_backup\sp3.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.18 20:28:20 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.11.02 16:35:10 | 000,425,984 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav
[2005.11.02 16:35:10 | 000,638,976 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.11.02 16:35:10 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >
--- --- ---

cosinus 17.11.2011 22:28
Partitionen nach NTFS konvertieren:
1) Start, Ausführen, cmd eintippen und ok
2) Befehl convert d: /fs:ntfs eintippen bestätigen mit Return oder Enter
3) Die aktuelle Bezeichnung von D: eintippen (siehst Du im Arbeitsplatz auf D:, wenn "Lokaler Datenträger" da nur steht, hat D: keine Bezeichnung also nichts eintippen bei aktueller Laufwerksbezeichnung) - notfalls einen einfachen Namen für diese Partition vergeben im Arbeitsplatz über Rechtsklick=>Eigenschaften
4) Ggf. Bestätigen, dass das Laufwerk für den exklusiven Zugriff gesperrt werden muss mit J
5) Abwarten bis convert durch ist
Danach kommt C: dran
6) Befehl convert c: /fs:ntfs eintippen bestätigen mit Return oder Enter
7) Die aktuelle Bezeichnung von C: eintippen (siehst Du im Arbeitsplatz auf C:, wenn "Lokaler Datenträger" da nur steht, hat C: keine Bezeichnung also nichts eintippen bei aktueller Laufwerksbezeichnung)
8) Hinweis, dass das Laufwerk beim nächsten Windows-Start konvertiert werden soll mit J bestätigen und Windows neustarten lassen, geduldig sein!

sid77 18.11.2011 06:17
Soweit alles erledigt. Dateien sind allerdings nach wie vor versteckt.
Gruß

cosinus 18.11.2011 11:33
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

sid77 18.11.2011 17:12
MWB LogFile (aktuell):
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8188

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

18.11.2011 16:58:41
mbam-log-2011-11-18 (16-58-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 328589
Laufzeit: 21 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Alte MWB LogFile:
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8183

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

17.11.2011 18:04:33
mbam-log-2011-11-17 (18-04-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 328437
Laufzeit: 19 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{6a64d557-bc92-46f9-a643-a8b63c17348b}\RP1499\A0202559.exe (Trojan.FakeAlert) -> No action taken.

OTL Logfile:
Code:
OTL logfile created on: 18.11.2011 17:02:24 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 309,83 Mb Available Physical Memory | 60,57% Memory free
2,47 Gb Paging File | 2,39 Gb Available in Paging File | 96,91% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 90,47 Gb Total Space | 32,96 Gb Free Space | 36,43% Space Free | Partition Type: NTFS
Drive D: | 90,96 Gb Total Space | 77,13 Gb Free Space | 84,80% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 7,24 Gb Free Space | 97,10% Space Free | Partition Type: FAT32
 
Computer Name: ACER-59DE6FF88D | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MA_CMIDI_InstallerService) -- C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NvnUsbAudio) -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BCMIDI) -- C:\WINDOWS\system32\drivers\bcmidi2.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (BCR2000) B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1) -- C:\WINDOWS\system32\drivers\bcr2000.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Acer.com Worldwide - Select your local country or region
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
 
[2011.11.17 16:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2008.07.02 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.30 20:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.11 21:23:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.01 22:14:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 18:44:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.05 18:44:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 18:44:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 18:44:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 18:44:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 18:44:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{118ED3F5-82A9-46D3-9F95-B90632F6892E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.02 16:54:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.06.22 10:03:46 | 000,000,100 | -H-- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^CSCH1^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk - C:\Programme\Logitech\Logitech WebCam Software\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Programme\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: midi1 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: midi2 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.17 21:59:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.17 16:29:21 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.11.17 16:26:06 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.11.17 16:26:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2011.11.17 16:24:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2011.11.17 16:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.11.17 16:03:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.17 16:03:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.17 16:03:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.17 16:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.17 16:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.11.17 16:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.11.16 20:21:04 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011.11.16 19:56:34 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011.11.16 19:08:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.11.16 19:08:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.11.16 19:02:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.11.16 19:02:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2011.11.16 19:02:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2011.11.16 19:02:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2011.11.16 19:02:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
[2011.11.16 19:02:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.11.16 19:02:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.18 16:35:46 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.18 16:35:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.17 23:34:29 | 000,000,682 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.17 16:26:16 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.11.17 16:03:40 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 20:37:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.16 20:02:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.16 15:30:44 | 000,001,324 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011.10.30 08:20:00 | 000,235,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.17 16:03:38 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 20:08:26 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.16 19:02:57 | 000,001,507 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk
[2011.11.16 19:02:57 | 000,000,655 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk
[2011.11.16 19:02:57 | 000,000,626 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Outlook Express.lnk
[2011.08.18 15:42:28 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\InstFunc.exe
[2010.11.05 18:31:28 | 000,082,289 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.09.22 12:34:51 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.03 10:23:10 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010.04.07 19:05:53 | 000,010,660 | -H-- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009.12.22 20:33:55 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.07 01:46:36 | 000,025,752 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.08.06 15:32:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.22 11:53:53 | 000,002,892 | -H-- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008.11.22 11:53:41 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\Synsopos.exe
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibytr.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibsfh.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibrty.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibpop.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\ssliblww.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\solejttd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slibdd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slhpt.dll
[2008.05.05 14:39:49 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.05.05 14:39:49 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008.01.20 13:34:12 | 000,000,522 | -H-- | C] () -- C:\WINDOWS\AN1xEdit.INI
[2007.12.12 19:54:43 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A4W.INI
[2007.12.12 19:54:13 | 000,001,279 | -H-- | C] () -- C:\WINDOWS\pstudio.ini
[2007.12.12 19:54:13 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\album.ini
[2007.11.25 15:17:30 | 000,000,697 | -H-- | C] () -- C:\WINDOWS\Sam9_D.INI
[2007.11.25 15:07:03 | 000,120,200 | -H-- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007.11.25 15:06:17 | 000,006,768 | -H-- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.11.19 20:15:27 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.05.19 14:23:12 | 000,000,342 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.05.19 14:23:12 | 000,000,073 | -H-- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.05.18 17:38:30 | 000,000,167 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.19 14:12:07 | 000,000,187 | -H-- | C] () -- C:\WINDOWS\OPHC.INI
[2006.09.12 09:42:28 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\Missing.ini
[2006.08.04 13:10:22 | 000,000,253 | -H-- | C] () -- C:\WINDOWS\tm.ini
[2006.08.01 16:18:53 | 000,000,409 | -H-- | C] () -- C:\WINDOWS\cmbtll.ini
[2006.08.01 16:18:53 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\cmbtctl.ini
[2006.08.01 16:18:43 | 000,000,124 | -H-- | C] () -- C:\WINDOWS\combit.ini
[2006.08.01 16:18:43 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\VISKARTE.INI
[2006.07.18 12:47:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006.07.18 12:47:34 | 000,003,020 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006.07.05 17:40:08 | 000,000,914 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.28 11:19:56 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006.06.27 13:11:59 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\Relax.ini
[2006.06.26 16:47:12 | 000,000,155 | -H-- | C] () -- C:\WINDOWS\imagewiz.ini
[2006.06.22 11:24:01 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2006.06.01 12:38:02 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.01 11:46:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006.05.17 22:28:14 | 000,016,031 | -H-- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006.01.05 20:23:29 | 000,104,373 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.11.02 17:40:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.11.02 17:40:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.02 17:25:14 | 000,235,960 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.02 17:00:04 | 000,464,256 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.11.02 17:00:04 | 000,445,792 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.11.02 17:00:04 | 000,086,638 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.11.02 17:00:04 | 000,072,998 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.11.02 16:54:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.11.02 16:41:20 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.11.02 16:40:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.10.19 16:12:06 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
[2005.07.15 09:48:00 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.07.13 03:05:38 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005.07.12 14:44:42 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005.02.03 11:11:40 | 000,008,073 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.09.07 07:23:00 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004.08.04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 05:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 05:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 05:00:00 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.03.23 16:38:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003.11.26 16:10:18 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003.11.26 16:10:12 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003.03.14 12:24:00 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003.02.20 17:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.18 00:45:00 | 000,119,808 | -H-- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002.05.24 17:34:46 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 16:12:30 | 000,065,536 | RH-- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 17:04:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 17:02:42 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 16:33:56 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000.08.22 23:58:54 | 000,058,928 | -H-- | C] () -- C:\WINDOWS\System32\crnsnmp.dll
 
========== LOP Check ==========
 
[2008.09.19 21:46:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2009.03.20 18:28:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AraldFX
[2009.12.22 20:34:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.06.03 10:23:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser
[2008.07.01 21:56:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.12.05 08:47:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
[2008.11.22 11:53:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft
[2008.02.06 10:35:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.16 19:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2005.11.02 16:48:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.11.17 16:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2011.11.17 16:03:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2005.11.02 16:35:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.11.17 16:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2005.11.02 16:56:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Symantec
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386_backup\sp2.cab:AGP440.sys
[2008.08.18 20:28:20 | 023,898,261 | ---- | M] () .cab file -- C:\i386_backup\sp3.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.18 20:28:20 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386_backup\sp2.cab:atapi.sys
[2008.08.18 20:28:20 | 023,898,261 | ---- | M] () .cab file -- C:\i386_backup\sp3.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.18 20:28:20 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 05:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.11.02 16:35:10 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.11.02 16:35:10 | 000,638,976 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.11.02 16:35:10 | 000,425,984 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
--- --- ---


alles im abgesicherten Modus erstellt, falls das ne Rolle spielen sollte.
Danke & Gruß

cosinus 18.11.2011 18:19
Sry ich hab mich irgendwie mit meinem Anleitungsbaustein versehen :stirn:
Statt OTL solltest du erstmal ESET ausführen:



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


sid77 18.11.2011 18:36
alles klar, ESET-scan läuft :)
danke & gruß

sid77 18.11.2011 19:35
ESET LogFile:
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=21d1aa7495520b4d87acc338c75f4377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 04:32:45
# local_time=2011-11-17 05:32:45 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775126 100 100 520482 97055742 86521 0
# compatibility_mode=8192 67108863 100 0 3874 3874 0 0
# scanned=160206
# found=2
# cleaned=0
# scan_time=3533
C:\Programme\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6A64D557-BC92-46F9-A643-A8B63C17348B}\RP1499\A0202559.exe Win32/TrojanDownloader.Prodatect.BK trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=21d1aa7495520b4d87acc338c75f4377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-18 06:27:01
# local_time=2011-11-18 07:27:01 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775126 100 100 613876 97149136 179915 0
# compatibility_mode=8192 67108863 100 0 97268 97268 0 0
# scanned=153313
# found=1
# cleaned=0
# scan_time=3394
C:\Programme\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 18.11.2011 21:16
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.02 16:54:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.06.22 10:03:46 | 000,000,100 | -H-- | M] () - D:\AUTORUN.INF -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

sid77 18.11.2011 21:47
hier der OTL-Fix
Zitat:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTORUN.INF moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 39471988 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: CSCH1
->Temp folder emptied: 27148 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39472709 bytes
->Flash cache emptied: 5790 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34702 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_213920

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\OPQZ4DEB\%253Dv8%2F3b47%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\D6Z443IY\%253Dv8%2F3b3c%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\9NRZIBHO\%253Dv8%2F3b41%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\60NWRJ9I\%253Dv8%2F3b41%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\4ZDNKRLH\%253Dv8%2F3b43%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\0TMF8JW3\%253Dv8%2F3b41%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!
File\Folder C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\0P2JO52J\%253Dv8%2F3b3b%2F3%2F0%2F%252a%2Fl%253B242303740%253B0-0%253B1%253B26441059%253B4-234%2F60%253B42239439%2F42257226%2F1%253B%253B%257Eaopt%253D2%2F1%2F22%2F2%253B%257Esscs%253D%253f not found!

Registry entries deleted on Reboot...

sid77 20.11.2011 08:54
Ist der Rechner nun wieder sauber?
Danke & Gruß

cosinus 20.11.2011 12:57
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

sid77 20.11.2011 13:15
hier das log:
Zitat:
13:08:21.0734 1040 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
13:08:21.0968 1040 ============================================================
13:08:21.0968 1040 Current date / time: 2011/11/20 13:08:21.0968
13:08:21.0968 1040 SystemInfo:
13:08:21.0968 1040
13:08:21.0968 1040 OS Version: 5.1.2600 ServicePack: 3.0
13:08:21.0968 1040 Product type: Workstation
13:08:21.0968 1040 ComputerName: ACER-59DE6FF88D
13:08:21.0968 1040 UserName: Administrator
13:08:21.0968 1040 Windows directory: C:\WINDOWS
13:08:21.0968 1040 System windows directory: C:\WINDOWS
13:08:21.0968 1040 Processor architecture: Intel x86
13:08:21.0968 1040 Number of processors: 1
13:08:21.0968 1040 Page size: 0x1000
13:08:21.0968 1040 Boot type: Safe boot with network
13:08:21.0968 1040 ============================================================
13:08:26.0250 1040 Initialize success
13:09:38.0031 1176 ============================================================
13:09:38.0031 1176 Scan started
13:09:38.0031 1176 Mode: Manual; SigCheck; TDLFS;
13:09:38.0031 1176 ============================================================
13:09:39.0640 1176 Abiosdsk - ok
13:09:39.0718 1176 abp480n5 - ok
13:09:39.0781 1176 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:09:41.0468 1176 ACPI - ok
13:09:41.0593 1176 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:09:41.0765 1176 ACPIEC - ok
13:09:41.0812 1176 adpu160m - ok
13:09:41.0890 1176 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:09:42.0062 1176 aec - ok
13:09:42.0109 1176 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:09:42.0171 1176 AFD - ok
13:09:42.0218 1176 Aha154x - ok
13:09:42.0265 1176 aic78u2 - ok
13:09:42.0312 1176 aic78xx - ok
13:09:42.0484 1176 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:09:42.0781 1176 ALCXWDM - ok
13:09:42.0921 1176 AliIde - ok
13:09:42.0968 1176 amsint - ok
13:09:43.0093 1176 asc - ok
13:09:43.0156 1176 asc3350p - ok
13:09:43.0187 1176 asc3550 - ok
13:09:43.0343 1176 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:09:43.0500 1176 AsyncMac - ok
13:09:43.0593 1176 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:09:43.0750 1176 atapi - ok
13:09:43.0828 1176 Atdisk - ok
13:09:43.0921 1176 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:09:44.0031 1176 ati2mtag - ok
13:09:44.0187 1176 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:09:44.0359 1176 Atmarpc - ok
13:09:44.0437 1176 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:09:44.0609 1176 audstub - ok
13:09:44.0734 1176 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:09:44.0765 1176 avgio - ok
13:09:44.0906 1176 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:09:44.0953 1176 avgntflt - ok
13:09:45.0015 1176 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:09:45.0031 1176 avipbb - ok
13:09:45.0156 1176 BCMIDI (c2f56b680c4207521630c013e0ece002) C:\WINDOWS\system32\Drivers\bcmidi2.sys
13:09:45.0187 1176 BCMIDI ( UnsignedFile.Multi.Generic ) - warning
13:09:45.0187 1176 BCMIDI - detected UnsignedFile.Multi.Generic (1)
13:09:45.0312 1176 BCR2000 (1c2b385adebde32d5f7c13cb2c608817) C:\WINDOWS\system32\drivers\bcr2000.sys
13:09:45.0343 1176 BCR2000 ( UnsignedFile.Multi.Generic ) - warning
13:09:45.0343 1176 BCR2000 - detected UnsignedFile.Multi.Generic (1)
13:09:45.0406 1176 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:09:45.0578 1176 Beep - ok
13:09:45.0734 1176 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
13:09:45.0796 1176 BLKWGU(Belkin) - ok
13:09:45.0906 1176 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:09:46.0093 1176 cbidf2k - ok
13:09:46.0218 1176 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:09:46.0359 1176 CCDECODE - ok
13:09:46.0421 1176 cd20xrnt - ok
13:09:46.0484 1176 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:09:46.0656 1176 Cdaudio - ok
13:09:46.0750 1176 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:09:46.0906 1176 Cdfs - ok
13:09:46.0968 1176 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:09:47.0125 1176 Cdrom - ok
13:09:47.0171 1176 Changer - ok
13:09:47.0265 1176 CmdIde - ok
13:09:47.0359 1176 Cpqarray - ok
13:09:47.0421 1176 dac2w2k - ok
13:09:47.0468 1176 dac960nt - ok
13:09:47.0546 1176 DELTA (fff42aca78b2e6369f98c8c672375e0a) C:\WINDOWS\system32\DRIVERS\delta.sys
13:09:47.0593 1176 DELTA ( UnsignedFile.Multi.Generic ) - warning
13:09:47.0593 1176 DELTA - detected UnsignedFile.Multi.Generic (1)
13:09:47.0671 1176 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:09:47.0812 1176 Disk - ok
13:09:47.0906 1176 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:09:48.0109 1176 dmboot - ok
13:09:48.0171 1176 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:09:48.0328 1176 dmio - ok
13:09:48.0390 1176 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:09:48.0562 1176 dmload - ok
13:09:48.0625 1176 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:09:48.0781 1176 DMusic - ok
13:09:48.0937 1176 dpti2o - ok
13:09:49.0000 1176 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:09:49.0156 1176 drmkaud - ok
13:09:49.0359 1176 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:09:49.0500 1176 Fastfat - ok
13:09:49.0656 1176 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:09:49.0812 1176 Fdc - ok
13:09:49.0953 1176 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
13:09:49.0968 1176 FilterService - ok
13:09:50.0015 1176 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:09:50.0187 1176 Fips - ok
13:09:50.0265 1176 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:09:50.0421 1176 Flpydisk - ok
13:09:50.0484 1176 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:09:50.0656 1176 FltMgr - ok
13:09:50.0781 1176 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:09:50.0968 1176 Fs_Rec - ok
13:09:51.0015 1176 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:09:51.0218 1176 Ftdisk - ok
13:09:51.0328 1176 gbxavs - ok
13:09:51.0390 1176 gbxusb - ok
13:09:51.0453 1176 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:09:51.0593 1176 Gpc - ok
13:09:51.0703 1176 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:09:51.0859 1176 hidusb - ok
13:09:51.0984 1176 hpn - ok
13:09:52.0046 1176 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:09:52.0125 1176 HTTP - ok
13:09:52.0250 1176 i2omgmt - ok
13:09:52.0296 1176 i2omp - ok
13:09:52.0343 1176 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:09:52.0515 1176 i8042prt - ok
13:09:52.0640 1176 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:09:52.0812 1176 Imapi - ok
13:09:52.0890 1176 ini910u - ok
13:09:52.0953 1176 IntelIde - ok
13:09:53.0015 1176 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:09:53.0156 1176 intelppm - ok
13:09:53.0234 1176 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:09:53.0375 1176 Ip6Fw - ok
13:09:53.0484 1176 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:09:53.0656 1176 IpFilterDriver - ok
13:09:53.0765 1176 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:09:53.0906 1176 IpInIp - ok
13:09:53.0968 1176 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:09:54.0140 1176 IpNat - ok
13:09:54.0265 1176 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:09:54.0406 1176 IPSec - ok
13:09:54.0531 1176 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:09:54.0671 1176 IRENUM - ok
13:09:54.0812 1176 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:09:54.0953 1176 isapnp - ok
13:09:55.0109 1176 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:09:55.0250 1176 Kbdclass - ok
13:09:55.0328 1176 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:09:55.0468 1176 kbdhid - ok
13:09:55.0531 1176 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:09:55.0703 1176 kmixer - ok
13:09:55.0765 1176 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:09:55.0828 1176 KSecDD - ok
13:09:55.0906 1176 lbrtfdc - ok
13:09:56.0046 1176 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
13:09:56.0062 1176 lvpopflt - ok
13:09:56.0125 1176 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
13:09:56.0140 1176 LVPr2Mon - ok
13:09:56.0250 1176 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
13:09:56.0281 1176 LVRS - ok
13:09:56.0562 1176 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
13:09:56.0906 1176 LVUVC - ok
13:09:57.0015 1176 ma763008 - ok
13:09:57.0062 1176 MADFU008 - ok
13:09:57.0140 1176 MA_CMIDI (68226ac1f255711ef87c8d03418148d5) C:\WINDOWS\system32\drivers\ma_cmidi.sys
13:09:57.0156 1176 MA_CMIDI ( UnsignedFile.Multi.Generic ) - warning
13:09:57.0156 1176 MA_CMIDI - detected UnsignedFile.Multi.Generic (1)
13:09:57.0312 1176 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:09:57.0468 1176 mnmdd - ok
13:09:57.0578 1176 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:09:57.0718 1176 Modem - ok
13:09:57.0843 1176 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:09:57.0984 1176 Mouclass - ok
13:09:58.0078 1176 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:09:58.0250 1176 mouhid - ok
13:09:58.0375 1176 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:09:58.0515 1176 MountMgr - ok
13:09:58.0625 1176 mraid35x - ok
13:09:58.0703 1176 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:09:58.0843 1176 MRxDAV - ok
13:09:59.0000 1176 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:09:59.0078 1176 MRxSmb - ok
13:09:59.0250 1176 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:09:59.0390 1176 Msfs - ok
13:09:59.0546 1176 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:09:59.0687 1176 MSKSSRV - ok
13:09:59.0765 1176 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:09:59.0921 1176 MSPCLOCK - ok
13:09:59.0984 1176 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:10:00.0125 1176 MSPQM - ok
13:10:00.0187 1176 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:10:00.0328 1176 mssmbios - ok
13:10:00.0390 1176 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:10:00.0531 1176 MSTEE - ok
13:10:00.0609 1176 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:10:00.0671 1176 Mup - ok
13:10:00.0796 1176 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:10:00.0937 1176 NABTSFEC - ok
13:10:01.0093 1176 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:10:01.0265 1176 NDIS - ok
13:10:01.0406 1176 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:10:01.0531 1176 NdisIP - ok
13:10:01.0593 1176 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:10:01.0671 1176 NdisTapi - ok
13:10:01.0796 1176 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:10:01.0968 1176 Ndisuio - ok
13:10:02.0078 1176 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:10:02.0234 1176 NdisWan - ok
13:10:02.0359 1176 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:10:02.0437 1176 NDProxy - ok
13:10:02.0531 1176 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:10:02.0687 1176 NetBIOS - ok
13:10:02.0828 1176 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:10:02.0984 1176 NetBT - ok
13:10:03.0281 1176 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:10:03.0421 1176 Npfs - ok
13:10:03.0515 1176 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:10:03.0687 1176 Ntfs - ok
13:10:03.0812 1176 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
13:10:03.0843 1176 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
13:10:03.0843 1176 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
13:10:03.0937 1176 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:10:04.0140 1176 Null - ok
13:10:04.0203 1176 NvnUsbAudio (ad4f1fd6dc06ea3928a21d5d72c0761f) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
13:10:04.0218 1176 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
13:10:04.0218 1176 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
13:10:04.0281 1176 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:10:04.0468 1176 NwlnkFlt - ok
13:10:04.0531 1176 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:10:04.0718 1176 NwlnkFwd - ok
13:10:04.0890 1176 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:10:05.0031 1176 Parport - ok
13:10:05.0109 1176 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:10:05.0234 1176 PartMgr - ok
13:10:05.0296 1176 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:10:05.0484 1176 ParVdm - ok
13:10:05.0546 1176 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:10:05.0718 1176 PCI - ok
13:10:05.0750 1176 PCIDump - ok
13:10:05.0796 1176 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:10:05.0968 1176 PCIIde - ok
13:10:06.0031 1176 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:10:06.0203 1176 Pcmcia - ok
13:10:06.0250 1176 PDCOMP - ok
13:10:06.0281 1176 PDFRAME - ok
13:10:06.0328 1176 PDRELI - ok
13:10:06.0390 1176 PDRFRAME - ok
13:10:06.0421 1176 perc2 - ok
13:10:06.0468 1176 perc2hib - ok
13:10:06.0640 1176 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:10:06.0781 1176 PptpMiniport - ok
13:10:06.0843 1176 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:10:07.0000 1176 PSched - ok
13:10:07.0046 1176 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:10:07.0250 1176 Ptilink - ok
13:10:07.0296 1176 ql1080 - ok
13:10:07.0328 1176 Ql10wnt - ok
13:10:07.0375 1176 ql12160 - ok
13:10:07.0421 1176 ql1240 - ok
13:10:07.0484 1176 ql1280 - ok
13:10:07.0546 1176 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:10:07.0687 1176 RasAcd - ok
13:10:07.0781 1176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:10:07.0921 1176 Rasl2tp - ok
13:10:08.0000 1176 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:10:08.0125 1176 RasPppoe - ok
13:10:08.0187 1176 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:10:08.0359 1176 Raspti - ok
13:10:08.0406 1176 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:10:08.0562 1176 Rdbss - ok
13:10:08.0625 1176 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:10:08.0812 1176 RDPCDD - ok
13:10:08.0890 1176 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:10:08.0937 1176 RDPWD - ok
13:10:09.0031 1176 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:10:09.0171 1176 redbook - ok
13:10:09.0328 1176 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:10:09.0484 1176 ROOTMODEM - ok
13:10:09.0687 1176 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:10:09.0843 1176 Secdrv - ok
13:10:09.0953 1176 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:10:10.0109 1176 serenum - ok
13:10:10.0171 1176 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:10:10.0312 1176 Serial - ok
13:10:10.0484 1176 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:10:10.0640 1176 Sfloppy - ok
13:10:10.0718 1176 Simbad - ok
13:10:10.0796 1176 SiS315 (e3cf27c168a97018c9f9c7ecc335a761) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
13:10:10.0890 1176 SiS315 - ok
13:10:11.0015 1176 SiSkp (e14435cf5d555bdc2f35097e403b79c5) C:\WINDOWS\system32\DRIVERS\srvkp.sys
13:10:11.0046 1176 SiSkp - ok
13:10:11.0109 1176 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
13:10:11.0171 1176 SISNIC - ok
13:10:11.0234 1176 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:10:11.0375 1176 SLIP - ok
13:10:11.0453 1176 Sparrow - ok
13:10:11.0515 1176 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:10:11.0656 1176 splitter - ok
13:10:11.0750 1176 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:10:11.0890 1176 sr - ok
13:10:11.0984 1176 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:10:12.0062 1176 Srv - ok
13:10:12.0187 1176 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:10:12.0203 1176 ssmdrv - ok
13:10:12.0265 1176 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:10:12.0281 1176 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:10:12.0281 1176 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:10:12.0359 1176 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:10:12.0515 1176 streamip - ok
13:10:12.0578 1176 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:10:12.0718 1176 swenum - ok
13:10:12.0796 1176 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:10:12.0937 1176 swmidi - ok
13:10:13.0046 1176 symc810 - ok
13:10:13.0078 1176 symc8xx - ok
13:10:13.0125 1176 sym_hi - ok
13:10:13.0171 1176 sym_u3 - ok
13:10:13.0218 1176 SynasUSB - ok
13:10:13.0281 1176 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:10:13.0421 1176 sysaudio - ok
13:10:13.0531 1176 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:10:13.0609 1176 Tcpip - ok
13:10:13.0734 1176 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:10:13.0859 1176 TDPIPE - ok
13:10:13.0968 1176 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:10:14.0109 1176 TDTCP - ok
13:10:14.0203 1176 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:10:14.0328 1176 TermDD - ok
13:10:14.0484 1176 TosIde - ok
13:10:14.0562 1176 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:10:14.0703 1176 uagp35 - ok
13:10:14.0796 1176 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:10:14.0921 1176 Udfs - ok
13:10:15.0015 1176 ultra - ok
13:10:15.0093 1176 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:10:15.0250 1176 Update - ok
13:10:15.0421 1176 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:10:15.0562 1176 usbaudio - ok
13:10:15.0640 1176 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:10:15.0781 1176 usbccgp - ok
13:10:15.0859 1176 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:10:15.0984 1176 usbehci - ok
13:10:16.0046 1176 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:10:16.0203 1176 usbhub - ok
13:10:16.0296 1176 USBNZ1X1 - ok
13:10:16.0359 1176 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:10:16.0515 1176 usbohci - ok
13:10:16.0609 1176 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:10:16.0750 1176 usbprint - ok
13:10:16.0828 1176 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:10:16.0968 1176 usbscan - ok
13:10:17.0015 1176 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:10:17.0156 1176 USBSTOR - ok
13:10:17.0218 1176 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:10:17.0359 1176 usbvideo - ok
13:10:17.0453 1176 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:10:17.0609 1176 VgaSave - ok
13:10:17.0656 1176 ViaIde - ok
13:10:17.0734 1176 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:10:17.0875 1176 VolSnap - ok
13:10:18.0046 1176 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:10:18.0187 1176 Wanarp - ok
13:10:18.0250 1176 WDICA - ok
13:10:18.0312 1176 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:10:18.0453 1176 wdmaud - ok
13:10:18.0781 1176 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:10:18.0937 1176 WSTCODEC - ok
13:10:19.0031 1176 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
13:10:19.0062 1176 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
13:10:19.0062 1176 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
13:10:19.0187 1176 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
13:10:19.0218 1176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:10:19.0218 1176 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:10:19.0250 1176 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:10:19.0250 1176 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:10:19.0312 1176 Boot (0x1200) (745563e5cbd175cd96eea5be20f73168) \Device\Harddisk0\DR0\Partition0
13:10:19.0312 1176 \Device\Harddisk0\DR0\Partition0 - ok
13:10:19.0359 1176 Boot (0x1200) (1fdb40ee53f72cb4f42c62196826ae1a) \Device\Harddisk0\DR0\Partition1
13:10:19.0359 1176 \Device\Harddisk0\DR0\Partition1 - ok
13:10:19.0375 1176 ============================================================
13:10:19.0375 1176 Scan finished
13:10:19.0375 1176 ============================================================
13:10:19.0531 1164 Detected object count: 10
13:10:19.0531 1164 Actual detected object count: 10
13:11:24.0328 1164 BCMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0328 1164 BCMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0343 1164 BCR2000 ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0343 1164 BCR2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0343 1164 DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0343 1164 DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0343 1164 MA_CMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0343 1164 MA_CMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0359 1164 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0359 1164 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0375 1164 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0375 1164 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0390 1164 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0390 1164 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0406 1164 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:24.0406 1164 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:11:24.0468 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:11:24.0484 1164 \Device\Harddisk0\DR0 - ok
13:11:24.0484 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

cosinus 20.11.2011 13:16
Zitat:
13:11:24.0468 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:11:24.0484 1164 \Device\Harddisk0\DR0 - ok
13:11:24.0484 1164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:11:24.0500 1164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Ich hab extra geschrieben, dass du nichts auf eigene Faust mit dem TDSS-Killer löschen sollst!
Ist in diesem Falle aber richtig gewesen - Rookit.Boot.SST und das TDSS Filesystem müssen weg.
Starte Windows neu und mach ein neues Log mit dem TDSS-Killer.

sid77 20.11.2011 13:29
hmm, ich hab eigentlich nichts auf eigene Faust gelöscht. Stand alles auf 'skip'.
unhide.exe hab ich im abges. modus (wie alles andere auch) ausgeführt, hat allerdings nur die programme wieder sichtbar gemacht. desktop & dateien sind nach wie vor versteckt.

log folgt...

sid77 20.11.2011 13:43
hier das log:
Zitat:
13:39:49.0171 3352 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
13:39:49.0468 3352 ============================================================
13:39:49.0468 3352 Current date / time: 2011/11/20 13:39:49.0468
13:39:49.0468 3352 SystemInfo:
13:39:49.0468 3352
13:39:49.0468 3352 OS Version: 5.1.2600 ServicePack: 3.0
13:39:49.0468 3352 Product type: Workstation
13:39:49.0468 3352 ComputerName: ACER-59DE6FF88D
13:39:49.0468 3352 UserName: CSCH1
13:39:49.0468 3352 Windows directory: C:\WINDOWS
13:39:49.0468 3352 System windows directory: C:\WINDOWS
13:39:49.0468 3352 Processor architecture: Intel x86
13:39:49.0468 3352 Number of processors: 1
13:39:49.0468 3352 Page size: 0x1000
13:39:49.0468 3352 Boot type: Normal boot
13:39:49.0468 3352 ============================================================
13:39:50.0515 3352 Initialize success
13:40:09.0609 3392 ============================================================
13:40:09.0609 3392 Scan started
13:40:09.0609 3392 Mode: Manual; SigCheck; TDLFS;
13:40:09.0609 3392 ============================================================
13:40:10.0156 3392 Abiosdsk - ok
13:40:10.0171 3392 abp480n5 - ok
13:40:10.0234 3392 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:40:10.0984 3392 ACPI - ok
13:40:11.0093 3392 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:40:11.0281 3392 ACPIEC - ok
13:40:11.0296 3392 adpu160m - ok
13:40:11.0359 3392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:40:11.0531 3392 aec - ok
13:40:11.0562 3392 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:40:11.0640 3392 AFD - ok
13:40:11.0687 3392 Aha154x - ok
13:40:11.0703 3392 aic78u2 - ok
13:40:11.0734 3392 aic78xx - ok
13:40:11.0890 3392 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:40:12.0296 3392 ALCXWDM - ok
13:40:12.0406 3392 AliIde - ok
13:40:12.0437 3392 amsint - ok
13:40:12.0468 3392 asc - ok
13:40:12.0500 3392 asc3350p - ok
13:40:12.0531 3392 asc3550 - ok
13:40:12.0609 3392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:40:12.0765 3392 AsyncMac - ok
13:40:12.0796 3392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:40:12.0953 3392 atapi - ok
13:40:13.0031 3392 Atdisk - ok
13:40:13.0109 3392 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:40:13.0250 3392 ati2mtag - ok
13:40:13.0406 3392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:40:13.0562 3392 Atmarpc - ok
13:40:13.0656 3392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:40:13.0828 3392 audstub - ok
13:40:13.0937 3392 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:40:13.0953 3392 avgio - ok
13:40:14.0078 3392 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:40:14.0125 3392 avgntflt - ok
13:40:14.0171 3392 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:40:14.0187 3392 avipbb - ok
13:40:14.0218 3392 BCMIDI (c2f56b680c4207521630c013e0ece002) C:\WINDOWS\system32\Drivers\bcmidi2.sys
13:40:14.0250 3392 BCMIDI ( UnsignedFile.Multi.Generic ) - warning
13:40:14.0250 3392 BCMIDI - detected UnsignedFile.Multi.Generic (1)
13:40:14.0296 3392 BCR2000 (1c2b385adebde32d5f7c13cb2c608817) C:\WINDOWS\system32\drivers\bcr2000.sys
13:40:14.0328 3392 BCR2000 ( UnsignedFile.Multi.Generic ) - warning
13:40:14.0328 3392 BCR2000 - detected UnsignedFile.Multi.Generic (1)
13:40:14.0390 3392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:40:14.0562 3392 Beep - ok
13:40:14.0625 3392 BLKWGU(Belkin) (ed910b63a75863a89aab65f2763d5b71) C:\WINDOWS\system32\DRIVERS\BLKWGU.sys
13:40:14.0703 3392 BLKWGU(Belkin) - ok
13:40:14.0812 3392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:40:15.0000 3392 cbidf2k - ok
13:40:15.0062 3392 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:40:15.0218 3392 CCDECODE - ok
13:40:15.0250 3392 cd20xrnt - ok
13:40:15.0296 3392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:40:15.0500 3392 Cdaudio - ok
13:40:15.0546 3392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:40:15.0703 3392 Cdfs - ok
13:40:15.0765 3392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:40:15.0921 3392 Cdrom - ok
13:40:15.0953 3392 Changer - ok
13:40:16.0000 3392 CmdIde - ok
13:40:16.0046 3392 Cpqarray - ok
13:40:16.0078 3392 dac2w2k - ok
13:40:16.0093 3392 dac960nt - ok
13:40:16.0156 3392 DELTA (fff42aca78b2e6369f98c8c672375e0a) C:\WINDOWS\system32\DRIVERS\delta.sys
13:40:16.0187 3392 DELTA ( UnsignedFile.Multi.Generic ) - warning
13:40:16.0187 3392 DELTA - detected UnsignedFile.Multi.Generic (1)
13:40:16.0312 3392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:40:16.0468 3392 Disk - ok
13:40:16.0546 3392 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:40:16.0718 3392 dmboot - ok
13:40:16.0828 3392 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:40:16.0984 3392 dmio - ok
13:40:17.0046 3392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:40:17.0218 3392 dmload - ok
13:40:17.0281 3392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:40:17.0437 3392 DMusic - ok
13:40:17.0546 3392 dpti2o - ok
13:40:17.0593 3392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:40:17.0734 3392 drmkaud - ok
13:40:17.0875 3392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:40:18.0046 3392 Fastfat - ok
13:40:18.0109 3392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:40:18.0265 3392 Fdc - ok
13:40:18.0390 3392 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
13:40:18.0406 3392 FilterService - ok
13:40:18.0484 3392 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:40:18.0640 3392 Fips - ok
13:40:18.0703 3392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:40:18.0859 3392 Flpydisk - ok
13:40:18.0937 3392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:40:19.0109 3392 FltMgr - ok
13:40:19.0187 3392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:40:19.0390 3392 Fs_Rec - ok
13:40:19.0421 3392 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:40:19.0625 3392 Ftdisk - ok
13:40:19.0703 3392 gbxavs - ok
13:40:19.0734 3392 gbxusb - ok
13:40:19.0765 3392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:40:19.0937 3392 Gpc - ok
13:40:20.0031 3392 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:40:20.0187 3392 hidusb - ok
13:40:20.0281 3392 hpn - ok
13:40:20.0328 3392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:40:20.0406 3392 HTTP - ok
13:40:20.0484 3392 i2omgmt - ok
13:40:20.0500 3392 i2omp - ok
13:40:20.0546 3392 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:40:20.0703 3392 i8042prt - ok
13:40:20.0781 3392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:40:20.0937 3392 Imapi - ok
13:40:21.0015 3392 ini910u - ok
13:40:21.0078 3392 int15.sys (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
13:40:21.0109 3392 int15.sys ( UnsignedFile.Multi.Generic ) - warning
13:40:21.0109 3392 int15.sys - detected UnsignedFile.Multi.Generic (1)
13:40:21.0171 3392 IntelIde - ok
13:40:21.0218 3392 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:40:21.0375 3392 intelppm - ok
13:40:21.0406 3392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:40:21.0578 3392 Ip6Fw - ok
13:40:21.0625 3392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:40:21.0812 3392 IpFilterDriver - ok
13:40:21.0859 3392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:40:22.0000 3392 IpInIp - ok
13:40:22.0046 3392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:40:22.0187 3392 IpNat - ok
13:40:22.0234 3392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:40:22.0390 3392 IPSec - ok
13:40:22.0437 3392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:40:22.0593 3392 IRENUM - ok
13:40:22.0640 3392 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:40:22.0796 3392 isapnp - ok
13:40:22.0890 3392 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:40:23.0046 3392 Kbdclass - ok
13:40:23.0125 3392 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:40:23.0265 3392 kbdhid - ok
13:40:23.0328 3392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:40:23.0484 3392 kmixer - ok
13:40:23.0562 3392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:40:23.0625 3392 KSecDD - ok
13:40:23.0687 3392 lbrtfdc - ok
13:40:23.0750 3392 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
13:40:23.0765 3392 lvpopflt - ok
13:40:23.0812 3392 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
13:40:23.0812 3392 LVPr2Mon - ok
13:40:23.0875 3392 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
13:40:23.0906 3392 LVRS - ok
13:40:24.0109 3392 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
13:40:24.0546 3392 LVUVC - ok
13:40:24.0562 3392 ma763008 - ok
13:40:24.0593 3392 MADFU008 - ok
13:40:24.0625 3392 MA_CMIDI (68226ac1f255711ef87c8d03418148d5) C:\WINDOWS\system32\drivers\ma_cmidi.sys
13:40:24.0640 3392 MA_CMIDI ( UnsignedFile.Multi.Generic ) - warning
13:40:24.0640 3392 MA_CMIDI - detected UnsignedFile.Multi.Generic (1)
13:40:24.0687 3392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:40:24.0859 3392 mnmdd - ok
13:40:24.0906 3392 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:40:25.0062 3392 Modem - ok
13:40:25.0078 3392 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:40:25.0218 3392 Mouclass - ok
13:40:25.0265 3392 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:40:25.0453 3392 mouhid - ok
13:40:25.0546 3392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:40:25.0687 3392 MountMgr - ok
13:40:25.0765 3392 mraid35x - ok
13:40:25.0812 3392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:40:25.0968 3392 MRxDAV - ok
13:40:26.0062 3392 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:40:26.0140 3392 MRxSmb - ok
13:40:26.0218 3392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:40:26.0390 3392 Msfs - ok
13:40:26.0484 3392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:40:26.0640 3392 MSKSSRV - ok
13:40:26.0718 3392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:40:26.0875 3392 MSPCLOCK - ok
13:40:26.0968 3392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:40:27.0109 3392 MSPQM - ok
13:40:27.0187 3392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:40:27.0359 3392 mssmbios - ok
13:40:27.0437 3392 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:40:27.0593 3392 MSTEE - ok
13:40:27.0671 3392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:40:27.0734 3392 Mup - ok
13:40:27.0812 3392 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:40:27.0968 3392 NABTSFEC - ok
13:40:28.0078 3392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:40:28.0234 3392 NDIS - ok
13:40:28.0343 3392 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:40:28.0484 3392 NdisIP - ok
13:40:28.0515 3392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:40:28.0578 3392 NdisTapi - ok
13:40:28.0656 3392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:40:28.0812 3392 Ndisuio - ok
13:40:28.0906 3392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:40:29.0046 3392 NdisWan - ok
13:40:29.0093 3392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:40:29.0156 3392 NDProxy - ok
13:40:29.0234 3392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:40:29.0390 3392 NetBIOS - ok
13:40:29.0421 3392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:40:29.0578 3392 NetBT - ok
13:40:29.0718 3392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:40:29.0875 3392 Npfs - ok
13:40:29.0921 3392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:40:30.0109 3392 Ntfs - ok
13:40:30.0171 3392 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
13:40:30.0203 3392 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
13:40:30.0203 3392 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
13:40:30.0390 3392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:40:30.0593 3392 Null - ok
13:40:30.0796 3392 NvnUsbAudio (ad4f1fd6dc06ea3928a21d5d72c0761f) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
13:40:30.0828 3392 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
13:40:30.0828 3392 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
13:40:31.0093 3392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:40:31.0296 3392 NwlnkFlt - ok
13:40:31.0578 3392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:40:31.0796 3392 NwlnkFwd - ok
13:40:32.0062 3392 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:40:32.0203 3392 Parport - ok
13:40:32.0531 3392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:40:32.0671 3392 PartMgr - ok
13:40:32.0734 3392 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:40:32.0921 3392 ParVdm - ok
13:40:32.0984 3392 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:40:33.0140 3392 PCI - ok
13:40:33.0156 3392 PCIDump - ok
13:40:33.0187 3392 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:40:33.0343 3392 PCIIde - ok
13:40:33.0390 3392 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:40:33.0531 3392 Pcmcia - ok
13:40:33.0562 3392 PDCOMP - ok
13:40:33.0593 3392 PDFRAME - ok
13:40:33.0609 3392 PDRELI - ok
13:40:33.0640 3392 PDRFRAME - ok
13:40:33.0671 3392 perc2 - ok
13:40:33.0687 3392 perc2hib - ok
13:40:33.0781 3392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:40:33.0921 3392 PptpMiniport - ok
13:40:33.0953 3392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:40:34.0093 3392 PSched - ok
13:40:34.0125 3392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:40:34.0312 3392 Ptilink - ok
13:40:34.0343 3392 ql1080 - ok
13:40:34.0359 3392 Ql10wnt - ok
13:40:34.0390 3392 ql12160 - ok
13:40:34.0406 3392 ql1240 - ok
13:40:34.0437 3392 ql1280 - ok
13:40:34.0468 3392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:40:34.0656 3392 RasAcd - ok
13:40:34.0687 3392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:40:34.0828 3392 Rasl2tp - ok
13:40:34.0875 3392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:40:34.0984 3392 RasPppoe - ok
13:40:35.0031 3392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:40:35.0234 3392 Raspti - ok
13:40:35.0281 3392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:40:35.0406 3392 Rdbss - ok
13:40:35.0453 3392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:40:35.0625 3392 RDPCDD - ok
13:40:35.0687 3392 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:40:35.0765 3392 RDPWD - ok
13:40:35.0875 3392 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:40:36.0015 3392 redbook - ok
13:40:36.0093 3392 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:40:36.0281 3392 ROOTMODEM - ok
13:40:36.0390 3392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:40:36.0546 3392 Secdrv - ok
13:40:36.0593 3392 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:40:36.0734 3392 serenum - ok
13:40:36.0781 3392 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:40:36.0921 3392 Serial - ok
13:40:37.0062 3392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:40:37.0203 3392 Sfloppy - ok
13:40:37.0234 3392 Simbad - ok
13:40:37.0281 3392 SiS315 (e3cf27c168a97018c9f9c7ecc335a761) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
13:40:37.0375 3392 SiS315 - ok
13:40:37.0421 3392 SiSkp (e14435cf5d555bdc2f35097e403b79c5) C:\WINDOWS\system32\DRIVERS\srvkp.sys
13:40:37.0453 3392 SiSkp - ok
13:40:37.0500 3392 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
13:40:37.0562 3392 SISNIC - ok
13:40:37.0593 3392 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:40:37.0734 3392 SLIP - ok
13:40:37.0765 3392 Sparrow - ok
13:40:37.0812 3392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:40:37.0953 3392 splitter - ok
13:40:38.0000 3392 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:40:38.0156 3392 sr - ok
13:40:38.0187 3392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:40:38.0250 3392 Srv - ok
13:40:38.0359 3392 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:40:38.0375 3392 ssmdrv - ok
13:40:38.0437 3392 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:40:38.0453 3392 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:40:38.0453 3392 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:40:38.0500 3392 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:40:38.0656 3392 streamip - ok
13:40:38.0718 3392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:40:38.0859 3392 swenum - ok
13:40:38.0890 3392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:40:39.0031 3392 swmidi - ok
13:40:39.0125 3392 symc810 - ok
13:40:39.0156 3392 symc8xx - ok
13:40:39.0171 3392 sym_hi - ok
13:40:39.0203 3392 sym_u3 - ok
13:40:39.0218 3392 SynasUSB - ok
13:40:39.0281 3392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:40:39.0421 3392 sysaudio - ok
13:40:39.0531 3392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:40:39.0640 3392 Tcpip - ok
13:40:39.0718 3392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:40:39.0859 3392 TDPIPE - ok
13:40:39.0890 3392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:40:40.0015 3392 TDTCP - ok
13:40:40.0046 3392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:40:40.0187 3392 TermDD - ok
13:40:40.0218 3392 TosIde - ok
13:40:40.0265 3392 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:40:40.0421 3392 uagp35 - ok
13:40:40.0468 3392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:40:40.0625 3392 Udfs - ok
13:40:40.0640 3392 ultra - ok
13:40:40.0703 3392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:40:40.0875 3392 Update - ok
13:40:40.0984 3392 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:40:41.0140 3392 usbaudio - ok
13:40:41.0171 3392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:40:41.0312 3392 usbccgp - ok
13:40:41.0359 3392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:40:41.0500 3392 usbehci - ok
13:40:41.0546 3392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:40:41.0703 3392 usbhub - ok
13:40:41.0734 3392 USBNZ1X1 - ok
13:40:41.0781 3392 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:40:41.0921 3392 usbohci - ok
13:40:41.0968 3392 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:40:42.0109 3392 usbprint - ok
13:40:42.0125 3392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:40:42.0265 3392 usbscan - ok
13:40:42.0296 3392 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:40:42.0453 3392 USBSTOR - ok
13:40:42.0484 3392 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:40:42.0625 3392 usbvideo - ok
13:40:42.0671 3392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:40:42.0828 3392 VgaSave - ok
13:40:43.0125 3392 ViaIde - ok
13:40:43.0296 3392 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:40:43.0453 3392 VolSnap - ok
13:40:43.0625 3392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:40:43.0765 3392 Wanarp - ok
13:40:43.0875 3392 WDICA - ok
13:40:43.0906 3392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:40:44.0062 3392 wdmaud - ok
13:40:44.0203 3392 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:40:44.0343 3392 WSTCODEC - ok
13:40:44.0406 3392 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
13:40:44.0437 3392 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
13:40:44.0437 3392 ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
13:40:44.0484 3392 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
13:40:45.0343 3392 \Device\Harddisk0\DR0 - ok
13:40:45.0375 3392 Boot (0x1200) (745563e5cbd175cd96eea5be20f73168) \Device\Harddisk0\DR0\Partition0
13:40:45.0375 3392 \Device\Harddisk0\DR0\Partition0 - ok
13:40:45.0406 3392 Boot (0x1200) (1fdb40ee53f72cb4f42c62196826ae1a) \Device\Harddisk0\DR0\Partition1
13:40:45.0421 3392 \Device\Harddisk0\DR0\Partition1 - ok
13:40:45.0421 3392 ============================================================
13:40:45.0421 3392 Scan finished
13:40:45.0421 3392 ============================================================
13:40:45.0546 3384 Detected object count: 9
13:40:45.0546 3384 Actual detected object count: 9
13:41:02.0906 3384 BCMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 BCMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0906 3384 BCR2000 ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 BCR2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0906 3384 DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0906 3384 int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0906 3384 int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0921 3384 MA_CMIDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0921 3384 MA_CMIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0921 3384 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0921 3384 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0921 3384 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0921 3384 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0937 3384 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0937 3384 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:02.0937 3384 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:41:02.0937 3384 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
unhide eben nochmal im normalen modus ausgeführt. desktop-dateien nun wieder sichtbar, allerdings nicht im startmenü.

cosinus 20.11.2011 14:06
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

sid77 20.11.2011 14:41
hier das log:
Combofix Logfile:
Code:
ComboFix 11-11-20.01 - CSCH1 20.11.2011  14:24:53.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.511.216 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\CSCH1\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\CSCH1\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\inf
c:\windows\system32\inf\MA_CMIDI.INF
c:\windows\system32\lsprst7.dll
c:\windows\system32\setup.ini
c:\windows\system32\ssprs.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-20 bis 2011-11-20  ))))))))))))))))))))))))))))))
.
.
2011-11-18 20:39 . 2011-11-18 20:39        --------        d-----w-        C:\_OTL
2011-11-17 15:29 . 2011-11-17 15:29        --------        d-----w-        c:\programme\ESET
2011-11-17 15:19 . 2011-11-17 15:19        --------        d-----w-        c:\dokumente und einstellungen\CSCH1\Anwendungsdaten\Malwarebytes
2011-11-17 15:03 . 2011-11-17 15:03        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-11-17 15:03 . 2011-11-17 15:03        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-11-17 15:03 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-16 19:21 . 2011-11-16 19:21        --------        d-----w-        C:\FOUND.008
2011-11-16 18:56 . 2011-11-16 18:56        --------        d-----w-        C:\FOUND.007
2011-11-16 18:02 . 2011-11-16 18:02        --------        d-----w-        c:\dokumente und einstellungen\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-04 04:00        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 04:00        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 04:00        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 10:41 . 2004-08-04 04:00        220160        ----a-w-        c:\windows\system32\oleacc.dll
2011-09-06 15:10 . 2005-03-02 18:06        1859072        ----a-w-        c:\windows\system32\win32k.sys
2011-09-05 14:55 . 2005-07-03 02:15        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-09-05 14:55 . 2004-08-04 04:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-09-05 14:55 . 2004-08-04 04:00        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-09-05 14:54 . 2004-08-04 04:00        371200        ----a-w-        c:\windows\system32\html.iec
2011-11-11 20:23 . 2011-06-07 16:15        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-01-05 413696]
"SiSPower"="SiSPower.dll" [2005-07-13 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^CSCH1^Startmenü^Programme^Autostart^Logitech . Produktregistrierung.lnk]
path=c:\dokumente und einstellungen\CSCH1\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03        916240        ----a-w-        c:\programme\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2007-06-26 19:27        312320        ----a-w-        c:\programme\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-23 18:51        233472        ----a-w-        c:\programme\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 10:24        49152        ----a-w-        c:\programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-07-23 03:33        176128        ----a-w-        c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36        2793304        ----a-w-        c:\programme\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18        413696        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Steinberg\\WaveLab Lite\\WaveLab Lite.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\ICQ7.4\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.11.2009 14:06 108289]
S3 BCMIDI;BCMIDI;c:\windows\system32\drivers\bcmidi2.sys [02.11.2007 12:05 22432]
S3 BCR2000;B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1);c:\windows\system32\drivers\bcr2000.sys [02.11.2007 12:07 20992]
S3 gbxavs;gbxavs;c:\windows\system32\Drivers\gbxavs.sys --> c:\windows\system32\Drivers\gbxavs.sys [?]
S3 gbxusb;gbxusb;c:\windows\system32\Drivers\gbxusb.sys --> c:\windows\system32\Drivers\gbxusb.sys [?]
S3 ma763008;M-Audio Ozone;c:\windows\system32\drivers\MA763008.sys --> c:\windows\system32\drivers\MA763008.sys [?]
S3 MADFU008;MADFU008;c:\windows\system32\DRIVERS\MADFU008.sys --> c:\windows\system32\DRIVERS\MADFU008.sys [?]
S3 NvnUsbAudio;NvnUsbAudio;c:\windows\system32\drivers\nvnusbaudio.sys [16.11.2007 15:02 25600]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 USBNZ1X1;M-Audio Ozone Midi;c:\windows\system32\drivers\usbnz1x1.sys --> c:\windows\system32\drivers\usbnz1x1.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.wer-kennt-wen.de/start
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.sequencer.de/synthesizer/index.php
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Acoustica_is1 - c:\programme\VstPlugins\Acoustica\unins000.exe
AddRemove-Euro-Rechnungsdruckerei - c:\windows\IsUn0407.exe
AddRemove-FreeAlpha 3 - c:\programme\VstPlugins\UninstalFreeAlpha.exe
AddRemove-Glitch One MB VSTi V1.0b_is1 - c:\programme\VstPlugins\DashSignature.com\Glitch One MB\unins000.exe
AddRemove-KEYS Alpha - c:\programme\VstPlugins\UninstalAlpha.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-20 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5016)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-20  14:37:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-20 13:37
.
Vor Suchlauf: 19 Verzeichnis(se), 34.632.167.424 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 34.668.498.432 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1FCE54BA8C2A9715565D37B6A1FAB0BF
--- --- ---

cosinus 20.11.2011 15:26
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

sid77 20.11.2011 18:15
alter falter, war ne schwere geburt... gmer hat nicht funktioniert. dafür die anderen zwei

osam:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:28:06 on 20.11.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"DeltaCPL.cpl" - "Midiman/M-Audio" - C:\WINDOWS\system32\DeltaCPL.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"speech.cpl" - "Microsoft" - C:\WINDOWS\system32\speech.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%EVOL_USB.SvcDesc%" (MA_CMIDI) - "M-Audio" - C:\WINDOWS\System32\drivers\ma_cmidi.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1)" (BCR2000) - "Behringer Spezielle Studiotechnik GmbH" - C:\WINDOWS\System32\drivers\bcr2000.sys
"BCMIDI" (BCMIDI) - "Behringer Spezielle Studiotechnik GmbH" - C:\WINDOWS\System32\Drivers\bcmidi2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gbxavs" (gbxavs) - ? - C:\WINDOWS\System32\Drivers\gbxavs.sys  (File not found)
"gbxusb" (gbxusb) - ? - C:\WINDOWS\System32\Drivers\gbxusb.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"M-Audio Ozone" (ma763008) - ? - C:\WINDOWS\System32\drivers\MA763008.sys  (File not found)
"M-Audio Ozone Midi" (USBNZ1X1) - ? - C:\WINDOWS\System32\drivers\usbnz1x1.sys  (File not found)
"MADFU008" (MADFU008) - ? - C:\WINDOWS\System32\DRIVERS\MADFU008.sys  (File not found)
"NvnUsbAudio" (NvnUsbAudio) - "Novation DMS Ltd." - C:\WINDOWS\System32\drivers\nvnusbaudio.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Service for Delta Driver (WDM)" (DELTA) - "Midiman/M-Audio" - C:\WINDOWS\System32\DRIVERS\delta.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"SynasUSB" (SynasUSB) - ? - C:\WINDOWS\System32\drivers\SynasUSB.sys  (File not found)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\system32\erasext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4C39376E-FA9D-4349-BACC-D305C1750EF3} "EPUImageControl Class" - "eBay, Inc." - C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.5.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://www.apple.com/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Programme\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\CSCH1\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"LaunchApp" - "Acer Inc." - Alaunch
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SiSPower" - "Silicon Integrated Systems Corporation" - Rundll32.exe SiSPower.dll,ModeAgent
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\WINDOWS\system32\KMPJLMN.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"QMSZJLanguageMonitor" - "Zenographics, Inc." - C:\WINDOWS\system32\ZLMQM2.DLL
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"M-Audio CMIDI Installer" (MA_CMIDI_InstallerService) - ? - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

aswmbr:
Zitat:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-20 17:31:02
-----------------------------
17:31:02.234 OS Version: Windows 5.1.2600 Service Pack 3
17:31:02.234 Number of processors: 1 586 0x409
17:31:02.234 ComputerName: ACER-59DE6FF88D UserName: CSCH1
17:31:03.578 Initialize success
17:35:36.250 AVAST engine defs: 11112000
17:36:54.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
17:36:54.578 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
17:36:56.593 Disk 0 MBR read successfully
17:36:56.593 Disk 0 MBR scan
17:36:56.656 Disk 0 unknown MBR code
17:36:56.656 Disk 0 scanning sectors +390716865
17:36:56.734 Disk 0 scanning C:\WINDOWS\system32\drivers
17:37:07.437 Service scanning
17:37:08.437 Modules scanning
17:37:11.656 Disk 0 trace - called modules:
17:37:11.671 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:37:11.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f87ab8]
17:37:11.687 3 CLASSPNP.SYS[f86b5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x82fcdb00]
17:37:12.796 AVAST engine scan C:\WINDOWS
17:37:22.750 AVAST engine scan C:\WINDOWS\system32
17:39:53.875 AVAST engine scan C:\WINDOWS\system32\drivers
17:40:32.812 AVAST engine scan C:\Dokumente und Einstellungen\CSCH1
17:42:28.937 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:11:53.421 Scan finished successfully
18:12:50.812 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\CSCH1\Desktop\MBR.dat"
18:12:50.812 The log file has been saved successfully to "C:\Dokumente und Einstellungen\CSCH1\Desktop\aswMBR.txt"
btw sind jetzt auch alle versteckten dateien, ordner, programme wieder sichtbar - soweit so gut :)

cosinus 21.11.2011 10:04
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

sid77 21.11.2011 10:48
so, fix gemacht. beim neuscan zeigt er mir jetzt einen bluescreen an.

ein problem wurde festgestellt...
driver_trql_not_less_or_equal

...
speicherabbild des physischen speichers wird erstellt.

cosinus 21.11.2011 10:57
Zitat:
beim neuscan zeigt er mir jetzt einen bluescreen an.
Windows wurde aber schon neu gestartet?

sid77 21.11.2011 10:58
wird gerade neu gestrartet. bleibt aber vorerst in der boot-maske hängen...

sid77 21.11.2011 11:01
jetzt zeigt er an:
disk boot failure, insert system disk and press enter

cosinus 21.11.2011 11:43
Kannst du die Wiederherstellungskonsole starten? Die wurde von CF installiert.
Wenn nicht brauchst du eine Windows-XP-CD.

sid77 21.11.2011 12:08
über 'ausführen', im abges. modus, hab ich das system auf den combofixpunkt wiederhergestellt.

sid77 21.11.2011 12:12
jetzt fehlen allerdings wieder einige verweise im startmenü (ordner, laufwerke, arbeitsplatz, zubehör, etc.) soll ich den wiederherstellungspunkt später, also nach combofix, wählen?

cosinus 21.11.2011 12:13
Wieso machst du da was über irgendwelche Wiederherstellungspunkte!! Das hab ich nicht angewiesen!

sid77 21.11.2011 12:23
verdammt, sorry. ist noch was zu retten?

cosinus 21.11.2011 12:27
Startet Windows denn jetzt wieder im normalen Modus?

sid77 21.11.2011 12:28
ja, startet wieder

cosinus 21.11.2011 13:05
Dann mach bitte neue Logs mit GMER, OSAM und aswMBR

sid77 21.11.2011 17:36
hier die Logs. GMER wollte wieder nicht...

OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:53:07 on 21.11.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"DeltaCPL.cpl" - "Midiman/M-Audio" - C:\WINDOWS\system32\DeltaCPL.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"speech.cpl" - "Microsoft" - C:\WINDOWS\system32\speech.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%EVOL_USB.SvcDesc%" (MA_CMIDI) - "M-Audio" - C:\WINDOWS\System32\drivers\ma_cmidi.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1)" (BCR2000) - "Behringer Spezielle Studiotechnik GmbH" - C:\WINDOWS\System32\drivers\bcr2000.sys
"BCMIDI" (BCMIDI) - "Behringer Spezielle Studiotechnik GmbH" - C:\WINDOWS\System32\Drivers\bcmidi2.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gbxavs" (gbxavs) - ? - C:\WINDOWS\System32\Drivers\gbxavs.sys  (File not found)
"gbxusb" (gbxusb) - ? - C:\WINDOWS\System32\Drivers\gbxusb.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"M-Audio Ozone" (ma763008) - ? - C:\WINDOWS\System32\drivers\MA763008.sys  (File not found)
"M-Audio Ozone Midi" (USBNZ1X1) - ? - C:\WINDOWS\System32\drivers\usbnz1x1.sys  (File not found)
"MADFU008" (MADFU008) - ? - C:\WINDOWS\System32\DRIVERS\MADFU008.sys  (File not found)
"NvnUsbAudio" (NvnUsbAudio) - "Novation DMS Ltd." - C:\WINDOWS\System32\drivers\nvnusbaudio.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Service for Delta Driver (WDM)" (DELTA) - "Midiman/M-Audio" - C:\WINDOWS\System32\DRIVERS\delta.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"SynasUSB" (SynasUSB) - ? - C:\WINDOWS\System32\drivers\SynasUSB.sys  (File not found)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\system32\erasext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4C39376E-FA9D-4349-BACC-D305C1750EF3} "EPUImageControl Class" - "eBay, Inc." - C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.5.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://www.apple.com/qtactivex/qtplugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Programme\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\CSCH1\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"LaunchApp" - "Acer Inc." - Alaunch
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SiSPower" - "Silicon Integrated Systems Corporation" - Rundll32.exe SiSPower.dll,ModeAgent
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\WINDOWS\system32\KMPJLMN.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"QMSZJLanguageMonitor" - "Zenographics, Inc." - C:\WINDOWS\system32\ZLMQM2.DLL
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"M-Audio CMIDI Installer" (MA_CMIDI_InstallerService) - ? - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

aswMBR:
Zitat:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-21 16:54:10
-----------------------------
16:54:10.171 OS Version: Windows 5.1.2600 Service Pack 3
16:54:10.171 Number of processors: 1 586 0x409
16:54:10.171 ComputerName: ACER-59DE6FF88D UserName: CSCH1
16:54:11.125 Initialize success
16:54:19.390 AVAST engine defs: 11112000
16:55:05.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
16:55:05.890 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
16:55:07.937 Disk 0 MBR read successfully
16:55:07.937 Disk 0 MBR scan
16:55:08.062 Disk 0 Windows XP default MBR code
16:55:08.093 Disk 0 scanning sectors +390716865
16:55:08.265 Disk 0 scanning C:\WINDOWS\system32\drivers
16:55:19.406 Service scanning
16:55:20.406 Modules scanning
16:55:24.609 Disk 0 trace - called modules:
16:55:24.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:55:24.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f3dab8]
16:55:24.625 3 CLASSPNP.SYS[f86b5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x82f55b00]
16:55:25.734 AVAST engine scan C:\WINDOWS
16:55:36.046 AVAST engine scan C:\WINDOWS\system32
16:58:09.265 AVAST engine scan C:\WINDOWS\system32\drivers
16:58:48.953 AVAST engine scan C:\Dokumente und Einstellungen\CSCH1
17:00:43.531 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:29:49.296 Scan finished successfully
17:34:18.250 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\CSCH1\Desktop\MBR.dat"
17:34:18.265 The log file has been saved successfully to "C:\Dokumente und Einstellungen\CSCH1\Desktop\aswMBR.txt"
Danke & Gruß

cosinus 21.11.2011 18:32
Zitat:
16:55:08.062 Disk 0 Windows XP default MBR code
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


sid77 21.11.2011 23:25
soo, hier die logs:


MWB:
Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8209

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.11.2011 19:48:09
mbam-log-2011-11-21 (19-47-59).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 331330
Time elapsed: 41 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
SAS:

Zitat:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 11/21/2011 bei 07:58 PM

Version der Applikation : 5.0.1136

Version der Kern-Datenbank : 7967
Version der Spur-Datenbank : 5779

Scan Art : Schneller Scann
Totale Scann-Zeit : 00:00:11

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Gescannte Speicherelemente : 1
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 15523
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 148
Erfasste Datei-Elemente : 0
Zitat:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/21/2011 at 09:33 PM

Application Version : 5.0.1136

Core Rules Database Version : 7967
Trace Rules Database Version: 5779

Scan type : Complete Scan
Total Scan Time : 01:33:14

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 464
Memory threats detected : 0
Registry items scanned : 36643
Registry threats detected : 0
File items scanned : 161634
File threats detected : 15

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\CSCH1\Cookies\CAU7WLY5.txt [ /ww251.smartadserver.com ]
C:\Dokumente und Einstellungen\CSCH1\Cookies\CAL4Q9PB.txt [ /smartadserver.com ]
C:\Dokumente und Einstellungen\CSCH1\Cookies\CA0LEHX6.txt [ /atdmt.com ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EN9IR2XV.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EN9IR2XV.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\EN9IR2XV.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-StartPage
C:\PROGRAMME\VSTPLUGINS\EFFEX\ELECTRI-Q\UNINSTALLELECTRI-Q.EXE

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\SLHPT.DLL
C:\WINDOWS\SYSTEM32\SLIBDD.DLL
C:\WINDOWS\SYSTEM32\SOLEJTTD.DLL
C:\WINDOWS\SYSTEM32\SSLIBLWW.DLL
C:\WINDOWS\SYSTEM32\SSLIBPOP.DLL
C:\WINDOWS\SYSTEM32\SSLIBRTY.DLL
C:\WINDOWS\SYSTEM32\SSLIBSFH.DLL
C:\WINDOWS\SYSTEM32\SSLIBYTR.DLL
ESET:

Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=21d1aa7495520b4d87acc338c75f4377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 04:32:45
# local_time=2011-11-17 05:32:45 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775126 100 100 520482 97055742 86521 0
# compatibility_mode=8192 67108863 100 0 3874 3874 0 0
# scanned=160206
# found=2
# cleaned=0
# scan_time=3533
C:\Programme\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{6A64D557-BC92-46F9-A643-A8B63C17348B}\RP1499\A0202559.exe Win32/TrojanDownloader.Prodatect.BK trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=21d1aa7495520b4d87acc338c75f4377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-18 06:27:01
# local_time=2011-11-18 07:27:01 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775126 100 100 613876 97149136 179915 0
# compatibility_mode=8192 67108863 100 0 97268 97268 0 0
# scanned=153313
# found=1
# cleaned=0
# scan_time=3394
C:\Programme\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=21d1aa7495520b4d87acc338c75f4377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-21 10:12:58
# local_time=2011-11-21 11:12:58 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 120582 97420788 113487 0
# compatibility_mode=8192 67108863 100 0 368920 368920 0 0
# scanned=161165
# found=1
# cleaned=0
# scan_time=4501
C:\Programme\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll probably a variant of Win32/Delf.LQXDKYX trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 21.11.2011 23:35
Zitat:
Trojan.Agent/Gen-StartPage
C:\PROGRAMME\VSTPLUGINS\EFFEX\ELECTRI-Q\UNINSTALLELECTRI-Q.EXE
Das kennst du rein zufällig?

sid77 21.11.2011 23:36
jup, fx plugin. dürfte ok sein

cosinus 21.11.2011 23:43
Ok. Dann dürften das Fehalarme sein, die anderen Meldungen auch.
Rechner soweit wieder im Lot?

sid77 21.11.2011 23:45
soweit alles wieder im lot. bis auf das startmenü, da fehlen weiterhin die einträge (hab ich ja dummerweise durch die systemwiederherstellung verursacht). gibts da ne möglichkeit die wieder zurück zu holen?

auf jeden fall schonmal ein FETTES DANKE!!! ganz großer sport hier :)

sid77 22.11.2011 00:03
ok, nach neustart wieder alles da :party:

danke & weiter so !!!

cosinus 22.11.2011 00:07
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19