Trojaner-Board (https://www.trojaner-board.de/)
Forum section: Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them)
Thread: Trojan: PSW.Generic9.RDX in services.exe (908) (https://www.trojaner-board.de/108454-trojaner-psw-generic9-rdx-services-exe-908-a.html)

Wurschtkopp 22.01.2012 17:40

Trojan: PSW.Generic9.RDX in services.exe (908)
 
Hello,

yesterday my PC (Windows XP) suddenly became very slow and had trouble booting. At some point during startup the screen went black and only the mouse pointer was visible. After that nothing else happened. When I then restarted it with the reset button, it booted up (somewhat more slowly). I then ran a virus scan with AVG Free. It showed me the following:

C:\Windows\system32\services.exe (908) | Infektion: Trojaner: PSW.Generic9.RDX | Ergebnis: gelöscht

C:\Windows\system32\services.exe (908):\memory_00d10000 | Infektion: Trojaner: PSW.Generic9.RDX | Ergebnis: infiziert

In addition, it reported the following information:

C:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB\Conduitinstaller.exe | Die Datei wurde von einer beschädigten digitalen Signatur signiert.


I then also ran Spybot and Malwarebytes over the system. They did not find the problem. After that I tried the AVG scanner again in Safe Mode, but it only showed the last piece of information. I then also tried the AVG Rescue CD, but without success either. Now I have run another test with AVG Free and the result was again exactly the same.
Today I also don't have the feeling that the computer is much slower.

So much for the symptoms. I hope you can help me :)

Here is my OTL log:


OTL logfile created on: 22.01.2012 16:05:34 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = G:\Downloads\Virus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,65% Memory free
4,34 Gb Paging File | 3,86 Gb Available in Paging File | 88,81% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,47 Gb Total Space | 13,92 Gb Free Space | 40,39% Space Free | Partition Type: NTFS
Drive G: | 186,31 Gb Total Space | 78,46 Gb Free Space | 42,11% Space Free | Partition Type: NTFS
 
Computer Name: ICH-0112C52BCD8 | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Downloads\Virus\OTL.exe
PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\Programme\Java\bin\jqs.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.22 20:18:18 | 000,040,960 | ---- | M] (Topdownloads Networks) -- G:\Programme\Wallpaper Juggler\WallPaperJugglerM.exe
PRC - [2003.10.06 07:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- G:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.04.01 19:10:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- G:\Programme\Java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- G:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
DRV - [2011.11.03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.11.03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.08.01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.08.01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.19 03:13:54 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003.11.05 07:26:02 | 000,645,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003.10.21 10:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003.10.21 10:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003.10.14 04:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003.10.13 10:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003.10.08 03:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003.10.08 03:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003.10.08 03:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003.03.05 08:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: G:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: G:\Programme\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: G:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: G:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Programme\Java\lib\deploy\jqs\ff [2010.12.05 22:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.22 18:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: G:\Programme\Mozilla Firefox\components [2011.12.23 14:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012.01.13 11:20:59 | 000,000,000 | ---D | M]
 
[2010.10.24 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Extensions
[2012.01.15 17:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions
[2011.04.03 13:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.15 17:22:41 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011.09.25 10:28:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.24 14:37:43 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\fastdial@telega.phpnet.us
[2011.02.05 15:34:22 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\firefox@tvunetworks.com
[2010.11.11 10:01:55 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\searchplugins\youtube-videosuche.xml
[2011.12.22 18:55:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2010.12.05 22:21:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAMME\JAVA\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2010.10.25 20:58:10 | 000,423,305 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 14591 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Wallpaper Juggler Monitor] G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5EBAF6-9EB2-4AB4-B120-39D2E8040FE7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6C79398-8351-A195-39DA-98768D40FCB8} - Java (Sun)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - G:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.22 12:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2012.01.22 12:42:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.01.22 12:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Simply Super Software
[2012.01.22 12:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software
[2012.01.21 23:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes
[2012.01.21 23:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.21 22:18:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Recent
[2012.01.13 12:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\Aktuell
[2012.01.06 12:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Exodus-Logs
[2012.01.06 11:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus
[2012.01.06 11:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Exodus
[2012.01.06 11:50:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll
[2012.01.06 11:50:52 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2012.01.06 11:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple
[2012.01.04 10:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2011.12.29 20:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Calibre Bibliothek
[2011.12.29 20:36:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre
[2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Programme\Calibre2
[2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
[2011.12.28 14:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Deluxe Ski Jump 4
[2011.12.24 11:32:53 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2011.12.24 11:32:53 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2011.12.24 11:32:53 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011.12.24 11:32:53 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2011.12.24 11:32:53 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.10.24 14:27:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010.10.24 14:27:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.22 16:03:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable
[2012.01.22 16:02:35 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF
[2012.01.22 16:01:07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.22 15:59:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.22 14:40:37 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.22 14:40:37 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.22 14:40:37 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.22 14:40:37 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.22 14:40:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012.01.22 14:40:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012.01.22 14:40:37 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2012.01.22 14:40:37 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2012.01.22 14:30:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.22 14:20:32 | 087,204,930 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.01.21 09:43:49 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.01.18 10:45:49 | 000,182,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf
[2012.01.18 10:42:54 | 001,371,215 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf
[2012.01.18 10:28:33 | 005,970,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf
[2012.01.18 10:28:22 | 000,680,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf
[2012.01.18 10:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.18 10:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.17 19:04:48 | 000,125,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.01.16 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.01.06 11:52:44 | 000,000,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk
[2012.01.01 21:09:23 | 000,515,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.01 21:09:23 | 000,492,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.01 21:09:23 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.01 21:09:23 | 000,083,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.01 21:09:23 | 000,064,045 | ---- | M] () -- C:\WINDOWS\System32\perfh009.gnq
[2011.12.29 20:36:37 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk
[2011.12.28 12:29:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.12.24 12:10:09 | 000,093,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.24 12:04:18 | 036,279,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6158.MOV.AVI
[2011.12.24 12:02:10 | 022,097,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6432.MOV.AVI
[2011.12.24 12:00:34 | 034,084,426 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6650.MOV.AVI
[2011.12.24 11:54:55 | 013,344,466 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6069.MOV.AVI
[2011.12.24 11:50:53 | 113,229,636 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6717.MOV.AVI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.22 16:03:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable
[2012.01.18 10:45:49 | 000,182,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf
[2012.01.18 10:42:54 | 001,371,215 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf
[2012.01.18 10:28:33 | 005,970,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf
[2012.01.18 10:28:22 | 000,680,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf
[2012.01.06 11:52:44 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk
[2011.12.30 16:41:35 | 034,084,426 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6650.MOV.AVI
[2011.12.30 16:41:33 | 022,097,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6432.MOV.AVI
[2011.12.30 16:41:31 | 036,279,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6158.MOV.AVI
[2011.12.29 20:36:37 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk
[2011.12.24 11:54:06 | 013,344,466 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6069.MOV.AVI
[2011.12.24 11:45:06 | 113,229,636 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6717.MOV.AVI
[2011.12.24 11:32:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.08.25 20:00:28 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.08.17 09:25:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.08.17 09:25:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.07.16 14:26:27 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ShiftN.ini
[2011.07.13 18:58:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.06.22 17:01:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2011.05.01 15:21:18 | 000,508,942 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1123561945-1708537768-1801674531-1004-0.dat
[2011.05.01 15:21:17 | 000,187,766 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.30 15:54:49 | 000,049,288 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.01.31 21:21:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.01.31 20:59:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.12.14 17:07:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.23 21:13:31 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.23 21:13:29 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.23 21:13:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.23 21:13:23 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.11.21 20:08:50 | 000,000,484 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.11.06 11:54:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010.10.25 21:30:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010.10.25 21:30:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010.10.25 21:30:08 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010.10.25 21:30:07 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.10.25 21:29:52 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2010.10.25 21:29:51 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe
[2010.10.24 21:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2010.10.24 15:41:16 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.24 14:40:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.24 14:38:05 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.24 14:28:14 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010.10.24 14:28:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010.10.24 14:28:08 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010.10.24 14:27:34 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010.10.24 14:27:34 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.10.24 14:27:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010.10.24 14:27:23 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010.10.24 14:27:23 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010.10.24 14:27:23 | 000,217,272 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010.10.24 14:27:23 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010.10.24 14:27:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010.10.24 14:27:22 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010.10.24 14:27:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010.10.24 14:27:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010.10.24 14:27:19 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010.10.24 14:27:19 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010.10.24 14:27:02 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010.10.24 14:05:17 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010.10.24 14:05:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.10.24 14:05:09 | 000,005,396 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.10.24 14:05:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.10.24 13:49:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.10.24 13:46:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,515,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,492,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,083,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.11.24 17:45:54 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.11.06 11:54:57 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2012.01.22 13:06:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.01.22 12:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.10.25 21:02:07 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.01.31 21:18:04 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.01.22 13:00:08 | 000,000,000 | R--D | M] -- C:\Programme
[2010.10.24 22:02:01 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.10.24 13:51:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.22 12:45:11 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-21 14:19:38
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

--- --- ---

The Gmer log and Extras.txt are attached as a zip.

I'll be at the PC for the rest of this evening, and then I'm on holiday for the next three days. So if I don't reply, it's not out of rudeness, it's because I'm not here :)

Many thanks!

cosinus 23.01.2012 14:28

Quote:

I've also already run Spybot and Malwarebytes on it. They didn't find the problem.
Please post all the Malwarebytes logs anyway.

Wurschtkopp 26.01.2012 20:25

Hello,

I've now updated Malwarebytes again and run a full scan. It also found "Trojan.FakeMS" in C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Sun\Java\Deployment\cache\.... That is now in quarantine. Afterwards I ran AVG over it again. Nothing changed there. Then I recreated all the log files again. However, OTL didn't produce an Extras.txt for me this time.

Here is the OTL log:
OTL Logfile:
Code:

OTL logfile created on: 26.01.2012 20:08:07 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = G:\Downloads\Virus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,02% Memory free
4,34 Gb Paging File | 3,94 Gb Available in Paging File | 90,62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,47 Gb Total Space | 14,65 Gb Free Space | 42,49% Space Free | Partition Type: NTFS
Drive G: | 186,31 Gb Total Space | 79,74 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
 
Computer Name: ICH-0112C52BCD8 | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Downloads\Virus\OTL.exe
PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\Programme\Java\bin\jqs.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.22 20:18:18 | 000,040,960 | ---- | M] (Topdownloads Networks) -- G:\Programme\Wallpaper Juggler\WallPaperJugglerM.exe
PRC - [2003.10.06 07:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.04.01 19:10:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- G:\Programme\Java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- G:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.08.01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.08.01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.19 03:13:54 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003.11.05 07:26:02 | 000,645,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003.10.21 10:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003.10.21 10:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003.10.14 04:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003.10.13 10:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003.10.08 03:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003.10.08 03:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003.10.08 03:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003.03.05 08:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: G:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: G:\Programme\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: G:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: G:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Programme\Java\lib\deploy\jqs\ff [2010.12.05 22:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.22 18:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: G:\Programme\Mozilla Firefox\components [2011.12.23 14:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012.01.13 11:20:59 | 000,000,000 | ---D | M]
 
[2010.10.24 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Extensions
[2012.01.26 13:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions
[2011.04.03 13:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.15 17:22:41 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011.11.24 14:37:43 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\fastdial@telega.phpnet.us
[2011.02.05 15:34:22 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\firefox@tvunetworks.com
[2010.11.11 10:01:55 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\searchplugins\youtube-videosuche.xml
[2011.12.22 18:55:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2010.12.05 22:21:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAMME\JAVA\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2010.10.25 20:58:10 | 000,423,305 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 14591 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Wallpaper Juggler Monitor] G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5EBAF6-9EB2-4AB4-B120-39D2E8040FE7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6C79398-8351-A195-39DA-98768D40FCB8} - Java (Sun)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - G:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 13:32:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Recent
[2012.01.26 10:43:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.26 10:43:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.26 10:43:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.22 12:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2012.01.22 12:42:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.01.22 12:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Simply Super Software
[2012.01.22 12:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software
[2012.01.21 23:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes
[2012.01.21 23:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.13 12:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\Aktuell
[2012.01.06 12:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Exodus-Logs
[2012.01.06 11:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus
[2012.01.06 11:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Exodus
[2012.01.06 11:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple
[2012.01.04 10:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2011.12.29 20:37:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Calibre Bibliothek
[2011.12.29 20:36:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre
[2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Programme\Calibre2
[2011.12.29 20:36:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
[2011.12.28 14:55:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Deluxe Ski Jump 4
[2010.10.24 14:27:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010.10.24 14:27:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.26 19:30:33 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.26 19:30:23 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF
[2012.01.26 19:29:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 19:29:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.26 14:59:30 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.26 14:59:30 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.26 14:59:30 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.26 14:59:30 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.26 14:59:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012.01.26 14:59:30 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012.01.26 14:59:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2012.01.26 14:59:30 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2012.01.26 10:45:38 | 087,445,650 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.01.26 10:43:20 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.26 10:38:44 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.22 16:03:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable
[2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.01.18 10:45:49 | 000,182,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf
[2012.01.18 10:42:54 | 001,371,215 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf
[2012.01.18 10:28:33 | 005,970,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf
[2012.01.18 10:28:22 | 000,680,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf
[2012.01.18 10:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.18 10:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.17 19:04:48 | 000,125,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.01.16 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.01.06 11:52:44 | 000,000,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk
[2012.01.01 21:09:23 | 000,515,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.01 21:09:23 | 000,492,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.01 21:09:23 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.01 21:09:23 | 000,083,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.01 21:09:23 | 000,064,045 | ---- | M] () -- C:\WINDOWS\System32\perfh009.gnq
[2011.12.29 20:36:37 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.26 10:43:20 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.22 16:03:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable
[2012.01.18 10:45:49 | 000,182,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf
[2012.01.18 10:42:54 | 001,371,215 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf
[2012.01.18 10:28:33 | 005,970,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf
[2012.01.18 10:28:22 | 000,680,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf
[2012.01.06 11:52:44 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk
[2011.12.30 16:41:35 | 034,084,426 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6650.MOV.AVI
[2011.12.30 16:41:33 | 022,097,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6432.MOV.AVI
[2011.12.30 16:41:31 | 036,279,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\MVI_6158.MOV.AVI
[2011.12.29 20:36:37 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk
[2011.12.24 11:32:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.08.25 20:00:28 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.08.17 09:25:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.08.17 09:25:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.07.16 14:26:27 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ShiftN.ini
[2011.07.13 18:58:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.06.22 17:01:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2011.05.01 15:21:18 | 000,508,942 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1123561945-1708537768-1801674531-1004-0.dat
[2011.05.01 15:21:17 | 000,187,766 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.30 15:54:49 | 000,049,288 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.01.31 21:21:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.01.31 20:59:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.12.14 17:07:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.23 21:13:31 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.23 21:13:29 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.23 21:13:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.23 21:13:23 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.11.21 20:08:50 | 000,000,484 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.11.06 11:54:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010.10.25 21:30:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010.10.25 21:30:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010.10.25 21:30:08 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010.10.25 21:30:07 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.10.25 21:29:52 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2010.10.25 21:29:51 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe
[2010.10.24 21:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2010.10.24 15:41:16 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.24 14:40:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.24 14:38:05 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.24 14:28:14 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010.10.24 14:28:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010.10.24 14:28:08 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010.10.24 14:27:34 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010.10.24 14:27:34 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.10.24 14:27:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010.10.24 14:27:23 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010.10.24 14:27:23 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010.10.24 14:27:23 | 000,217,272 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010.10.24 14:27:23 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010.10.24 14:27:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010.10.24 14:27:22 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010.10.24 14:27:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010.10.24 14:27:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010.10.24 14:27:19 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010.10.24 14:27:19 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010.10.24 14:27:02 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010.10.24 14:05:17 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010.10.24 14:05:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.10.24 14:05:09 | 000,005,396 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.10.24 14:05:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.10.24 13:49:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.10.24 13:46:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,515,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,492,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,083,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011.05.06 19:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011.04.05 14:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BMWiSoftware
[2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.05.14 09:23:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2010.12.04 12:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAXQDA10
[2011.05.06 19:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011.07.02 16:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase One
[2012.01.22 12:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.05.22 13:16:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications
[2010.12.07 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.#
[2012.01.06 11:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple
[2011.08.08 19:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Acumen Business Systems Ltd
[2012.01.22 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Alpen 3D Online
[2010.10.24 22:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\AVG10
[2011.12.29 20:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre
[2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canneverbe Limited
[2011.03.31 20:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canon
[2011.05.22 11:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Duden
[2011.09.25 10:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoft
[2011.09.25 10:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.01.06 12:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus
[2011.12.17 14:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\FILEminimizerPictures
[2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Haufe
[2010.11.21 21:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Leadertech
[2010.11.05 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\MAXQDA10
[2011.06.21 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PersBackup5
[2011.05.01 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\rooms-configurator
[2012.01.22 12:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software
[2011.05.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SoftGrid Client
[2011.08.11 10:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP
[2011.08.25 18:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Unity
[2011.12.07 21:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WordToPDF
[2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.11.24 17:45:54 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.11.06 11:54:57 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2012.01.22 16:38:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.01.22 12:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.10.25 21:02:07 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.01.31 21:18:04 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.01.26 19:17:11 | 000,000,000 | R--D | M] -- C:\Programme
[2010.10.24 22:02:01 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.10.24 13:51:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.26 19:29:57 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-21 14:19:38
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

--- --- ---


And attached are Malwarebytes and the gmer.txt.


Many thanks in advance!

cosinus 26.01.2012 21:17

Quote:

and did a full scan.
Then please also post the log with the findings, not one without findings.

Wurschtkopp 27.01.2012 10:36

Hello,

Attached is the log with the finding. Unfortunately I had to abort the scan because I had to leave quickly.
As I said, above is the log from a full scan done afterwards.

cosinus 27.01.2012 11:07

Please also run ESET, then we'll see further:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Wurschtkopp 28.01.2012 13:54

Hello and thanks for the quick reply!

Here is the new log:

Quote:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=431649e9b6f012408bd5b5443eddc38c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 12:48:57
# local_time=2012-01-28 01:48:57 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 95 96524 70924879 0 0
# compatibility_mode=8192 67108863 100 0 3802 3802 0 0
# scanned=111350
# found=3
# cleaned=0
# scan_time=5023
C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\1eddb450-1b6c4d03 Java/Exploit.CVE-2011-3544.AC trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\cnet_gantt-chart_L_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

cosinus 29.01.2012 18:37

Quote:

G:\Downloads\cnet_gantt-chart_L_zip.exe
What exactly is that and from what source does it come?

Wurschtkopp 30.01.2012 10:33

Hello,

The file is an Excel template for creating Gantt charts. It has been a long time since I needed it. But I googled it again and I assume I downloaded it directly from download.cnet.com (hxxp://download.cnet.com/Gantt-Chart-Template-for-Excel/3010-2076_4-75326607.html).

cosinus 30.01.2012 10:41

Then it is probably a false positive.

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

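The `/md5start ... /md5stop` block in the custom scan above tells OTL to hash every copy of the named system binaries it finds (the `< MD5 for: ... >` sections in the earlier log show the result: copies in system32, dllcache and the hotfix folders listed with their MD5). As an added example, not OTL's own code and not from this thread, the script below performs the same kind of check: it walks a set of search roots, groups every copy of a watched file name by MD5, and reports names whose copies disagree, which is the case a responder wants to look at (in the log above, winlogon.exe has a third copy under Malwarebytes' Chameleon folder with a different hash, so it would be listed for review even though it is benign there). The file names, directory layout and byte contents in `build_sample_tree` are constructed for the demo and do not represent a real Windows installation.

```python
"""Hash-comparison check in the spirit of OTL's /md5start ... /md5stop directive.

Added example, not OTL's own code: every copy of each watched file name found
under the search roots is hashed with MD5 and grouped by digest, so that a
system binary whose on-disk copies disagree stands out for review.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def md5_of_file(path, chunk_size=1 << 16):
    """Return the uppercase hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def find_copies(roots, watched_names):
    """Walk each root; return {lowercase name: [paths]} for every watched file name."""
    wanted = {n.lower() for n in watched_names}
    copies = defaultdict(list)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                if fname.lower() in wanted:
                    copies[fname.lower()].append(os.path.join(dirpath, fname))
    return copies


def md5_report(roots, watched_names):
    """Group every copy of each watched file by MD5.

    Returns {lowercase name: {md5: [paths]}}. A name with more than one
    digest means the copies on disk disagree and should be examined.
    """
    report = {}
    for name, paths in find_copies(roots, watched_names).items():
        by_hash = defaultdict(list)
        for p in sorted(paths):
            by_hash[md5_of_file(p)].append(p)
        report[name] = dict(by_hash)
    return report


def disagreeing_files(report):
    """Names whose copies hash to more than one digest, sorted."""
    return sorted(name for name, by_hash in report.items() if len(by_hash) > 1)


def build_sample_tree():
    """Constructed sample layout (not a real system): two identical copies of
    userinit.exe, and three copies of winlogon.exe of which one differs."""
    base = tempfile.mkdtemp(prefix="md5check_")
    layout = {
        os.path.join("system32", "userinit.exe"): b"USERINIT-SAMPLE",
        os.path.join("system32", "dllcache", "userinit.exe"): b"USERINIT-SAMPLE",
        os.path.join("system32", "winlogon.exe"): b"WINLOGON-SAMPLE",
        os.path.join("system32", "dllcache", "winlogon.exe"): b"WINLOGON-SAMPLE",
        os.path.join("Chameleon", "winlogon.exe"): b"DIFFERENT-CONTENT",
    }
    for rel, content in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return base


# Watched names taken from the /md5start block; explorer.exe is deliberately
# absent from the sample tree to show that missing names simply do not appear.
WATCHED = ["userinit.exe", "winlogon.exe", "explorer.exe"]


def run_demo():
    """Build the constructed tree, hash it and return (report, disagreeing names)."""
    base = build_sample_tree()
    report = md5_report([base], WATCHED)
    return report, disagreeing_files(report)


if __name__ == "__main__":
    demo_report, suspicious = run_demo()
    for name, by_hash in sorted(demo_report.items()):
        print(f"< MD5 for: {name.upper()} >")
        for digest, paths in by_hash.items():
            for p in paths:
                print(f"  MD5={digest} -- {p}")
    print("copies disagree:", suspicious)
```

On a real machine you would pass the Windows directory as the root (e.g. `md5_report([r"C:\WINDOWS"], WATCHED)`) and compare the digests of the system32 copy against the dllcache copy and against a known-good reference; a differing hash is a reason to inspect the file, not proof of infection, since hotfix backup folders and third-party tools can legitimately hold older or unrelated copies.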

Wurschtkopp 30.01.2012 11:06

That was quick again. Thanks :)

Here is the new log:

OTL Logfile:
Code:

OTL logfile created on: 30.01.2012 10:56:46 - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Ich\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 76,77% Memory free
4,34 Gb Paging File | 3,81 Gb Available in Paging File | 87,65% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,47 Gb Total Space | 14,45 Gb Free Space | 41,92% Space Free | Partition Type: NTFS
Drive G: | 186,31 Gb Total Space | 79,74 Gb Free Space | 42,80% Space Free | Partition Type: NTFS
 
Computer Name: ICH-0112C52BCD8 | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe
PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- G:\Programme\Java\bin\jqs.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- G:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.22 20:18:18 | 000,040,960 | ---- | M] (Topdownloads Networks) -- G:\Programme\Wallpaper Juggler\WallPaperJugglerM.exe
PRC - [2003.10.06 07:57:32 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- G:\Programme\CDBurnerXP\NMSAccessU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.04.01 19:10:57 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.12.05 22:21:46 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- G:\Programme\Java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- G:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.08.01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.08.01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.19 03:13:54 | 000,366,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003.11.05 07:26:02 | 000,645,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003.10.21 10:26:08 | 000,904,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003.10.21 10:23:44 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003.10.14 04:17:56 | 000,332,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003.10.13 10:42:12 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003.10.08 03:09:10 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003.10.08 03:08:12 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003.10.08 03:06:50 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003.03.05 08:07:46 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1416
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: G:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: G:\Programme\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: G:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: G:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: G:\Programme\Java\lib\deploy\jqs\ff [2010.12.05 22:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.22 18:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: G:\Programme\Mozilla Firefox\components [2011.12.23 14:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: G:\Programme\Mozilla Firefox\plugins [2012.01.13 11:20:59 | 000,000,000 | ---D | M]
 
[2010.10.24 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Extensions
[2012.01.26 13:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions
[2011.04.03 13:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.15 17:22:41 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011.11.24 14:37:43 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\fastdial@telega.phpnet.us
[2011.02.05 15:34:22 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\extensions\firefox@tvunetworks.com
[2010.11.11 10:01:55 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\searchplugins\youtube-videosuche.xml
[2011.12.22 18:55:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2010.12.05 22:21:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- G:\PROGRAMME\JAVA\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2010.10.25 20:58:10 | 000,423,305 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 14591 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Wallpaper Juggler Monitor] G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5EBAF6-9EB2-4AB4-B120-39D2E8040FE7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - G:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6C79398-8351-A195-39DA-98768D40FCB8} - Java (Sun)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.28 12:22:13 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.26 20:15:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe
[2012.01.26 13:32:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich\Recent
[2012.01.26 10:43:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.26 10:43:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.26 10:43:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.22 12:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2012.01.22 12:42:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.01.22 12:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Simply Super Software
[2012.01.22 12:36:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software
[2012.01.21 23:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes
[2012.01.21 23:21:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.13 12:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Desktop\Aktuell
[2012.01.06 12:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Exodus-Logs
[2012.01.06 11:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus
[2012.01.06 11:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Exodus
[2012.01.06 11:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple
[2012.01.04 10:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012.01.04 10:22:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.10.24 14:27:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010.10.24 14:27:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.30 10:45:24 | 004,932,286 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-20021102}.CDF
[2012.01.30 10:45:08 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.30 10:44:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.29 17:48:20 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.29 17:48:20 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.29 17:48:20 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.29 17:48:20 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-20021102}.rfx
[2012.01.29 17:48:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012.01.29 17:48:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012.01.29 17:48:20 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2012.01.29 17:48:20 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2012.01.29 17:30:04 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.29 13:38:35 | 087,711,695 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.01.26 10:43:20 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.26 10:38:44 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.22 16:04:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich\Desktop\OTL.exe
[2012.01.22 16:03:47 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable
[2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.01.18 10:45:49 | 000,182,687 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf
[2012.01.18 10:42:54 | 001,371,215 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf
[2012.01.18 10:28:33 | 005,970,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf
[2012.01.18 10:28:22 | 000,680,464 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf
[2012.01.18 10:24:38 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.18 10:24:38 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.17 19:04:48 | 000,125,227 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.01.16 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.01.06 11:52:44 | 000,000,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk
[2012.01.01 21:09:23 | 000,515,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.01 21:09:23 | 000,492,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.01 21:09:23 | 000,100,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.01 21:09:23 | 000,083,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.01 21:09:23 | 000,064,045 | ---- | M] () -- C:\WINDOWS\System32\perfh009.gnq
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.26 10:43:20 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.22 16:03:47 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\defogger_reenable
[2012.01.18 10:45:49 | 000,182,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\artikel_zahnersatz.pdf
[2012.01.18 10:42:54 | 001,371,215 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118104151.pdf
[2012.01.18 10:28:33 | 005,970,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_AlleProdukte_120118102759.pdf
[2012.01.18 10:28:22 | 000,680,464 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\test_Krankenkassen_120118102759.pdf
[2012.01.06 11:52:44 | 000,000,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Desktop\Exodus.lnk
[2011.12.24 11:32:53 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.08.25 20:00:28 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.08.17 09:25:04 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.08.17 09:25:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.07.16 14:26:27 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ShiftN.ini
[2011.07.13 18:58:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.06.22 17:01:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2011.05.01 15:21:18 | 000,508,942 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1123561945-1708537768-1801674531-1004-0.dat
[2011.05.01 15:21:17 | 000,187,766 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.30 15:54:49 | 000,049,288 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.01.31 21:21:31 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.01.31 20:59:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.12.14 17:07:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.23 21:13:31 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.23 21:13:29 | 000,240,848 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.23 21:13:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.23 21:13:23 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.11.21 20:08:50 | 000,000,484 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.11.06 11:54:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010.10.25 21:30:08 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010.10.25 21:30:08 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010.10.25 21:30:08 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010.10.25 21:30:07 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.10.25 21:29:52 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2010.10.25 21:29:51 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe
[2010.10.24 21:55:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2010.10.24 15:58:27 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-20021102}.dat
[2010.10.24 15:41:16 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.24 14:40:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.24 14:38:05 | 000,224,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.24 14:28:14 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010.10.24 14:28:09 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010.10.24 14:28:08 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010.10.24 14:27:34 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2010.10.24 14:27:34 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.10.24 14:27:24 | 000,298,971 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010.10.24 14:27:23 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010.10.24 14:27:23 | 000,230,201 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010.10.24 14:27:23 | 000,217,272 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010.10.24 14:27:23 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010.10.24 14:27:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010.10.24 14:27:22 | 000,112,411 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010.10.24 14:27:20 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010.10.24 14:27:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010.10.24 14:27:19 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2010.10.24 14:27:19 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010.10.24 14:27:02 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2010.10.24 14:05:17 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2010.10.24 14:05:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.10.24 14:05:09 | 000,005,396 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.10.24 14:05:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.10.24 13:49:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.10.24 13:46:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,515,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,492,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,083,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011.05.06 19:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2011.04.05 14:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BMWiSoftware
[2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.05.14 09:23:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2010.12.04 12:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAXQDA10
[2011.05.06 19:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2011.07.02 16:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase One
[2012.01.22 12:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.05.22 13:16:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications
[2010.12.07 22:09:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.#
[2012.01.06 11:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple
[2011.08.08 19:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Acumen Business Systems Ltd
[2012.01.22 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Alpen 3D Online
[2010.10.24 22:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\AVG10
[2011.12.29 20:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre
[2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canneverbe Limited
[2011.03.31 20:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canon
[2011.05.22 11:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Duden
[2011.09.25 10:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoft
[2011.09.25 10:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.01.06 12:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus
[2011.12.17 14:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\FILEminimizerPictures
[2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Haufe
[2010.11.21 21:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Leadertech
[2010.11.05 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\MAXQDA10
[2011.06.21 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PersBackup5
[2011.05.01 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\rooms-configurator
[2012.01.22 12:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software
[2011.05.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SoftGrid Client
[2011.08.11 10:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP
[2011.08.25 18:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Unity
[2011.12.07 21:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WordToPDF
[2012.01.18 11:29:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.#
[2012.01.06 11:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.purple
[2011.08.08 19:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Acumen Business Systems Ltd
[2011.12.06 16:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Adobe
[2012.01.22 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Alpen 3D Online
[2011.11.07 11:59:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Apple Computer
[2010.10.24 22:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\AVG10
[2011.12.29 20:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\calibre
[2010.12.14 17:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canneverbe Limited
[2011.03.31 20:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Canon
[2010.10.24 14:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Creative
[2010.11.04 15:57:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DivX
[2011.05.22 11:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Duden
[2011.09.25 10:28:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoft
[2011.09.25 10:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.01.06 12:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Exodus
[2011.12.17 14:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\FILEminimizerPictures
[2011.04.09 12:58:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Google
[2011.11.24 13:15:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Haufe
[2010.10.31 13:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Help
[2010.10.24 13:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Identities
[2010.11.21 21:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Leadertech
[2011.04.12 12:00:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Macromedia
[2012.01.21 23:21:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Malwarebytes
[2010.11.05 17:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\MAXQDA10
[2011.12.06 16:46:23 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft
[2010.10.24 21:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Mozilla
[2011.06.21 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\PersBackup5
[2011.05.01 14:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\rooms-configurator
[2010.11.21 21:07:51 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SecuROM
[2012.01.22 12:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software
[2011.11.26 12:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Skype
[2011.06.20 20:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\skypePM
[2011.05.29 17:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\SoftGrid Client
[2010.12.05 22:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Sun
[2011.08.11 10:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\TP
[2011.08.25 18:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Unity
[2011.08.22 10:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\vlc
[2012.01.21 22:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Winamp
[2010.10.31 13:31:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WinRAR
[2011.12.07 21:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\WordToPDF
[2011.03.31 20:27:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2011.12.05 21:15:20 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.07 16:53:01 | 000,043,385 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_112D608FD02CD87FDC7735.exe
[2011.12.07 16:53:01 | 000,043,385 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_1A508631B9BA7A5663EE5C.exe
[2011.12.07 16:53:01 | 000,032,579 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}\_853F67D554F05449430E7E.exe
[2011.12.05 21:05:39 | 000,032,579 | R--- | M] () -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Microsoft\Installer\{B539E69D-DD59-457D-A926-CF01ACA6D04C}\_853F67D554F05449430E7E.exe
[2010.07.05 14:30:36 | 003,687,344 | ---- | M] (Simply Super Software) -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Simply Super Software\Trojan Remover\iaa6.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvatabus.sys
[2004.11.03 21:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) MD5=C8DAA008F9E390B9DA504C1CD0DA1EE9 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvatabus.sys
 
< MD5 for: NVGTS.SYS  >
[2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=37954CD1D0AFC11BECD149F7C3EC88C2 -- C:\NVIDIA\nForceWin2k\15.23\IS\IDE\WinXP\sataraid\nvgts.sys
[2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\NVIDIA\nForceWin2k\15.23\IS\IDE\WinXP\sata_ide\nvgts.sys
[2008.08.18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.10.24 15:37:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.10.24 15:37:06 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.10.24 15:37:06 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

--- --- ---


cosinus 30.01.2012 11:43

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:

:OTL
DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.24 13:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
[2011.06.20 22:09:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.#
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Wurschtkopp 30.01.2012 12:59

Here is the new log:

Code:

All processes killed
========== OTL ==========
Error: Unable to stop service xpsec!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpsec deleted successfully.
Error: Unable to stop service xcpip!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcpip deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
G:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
C:\WINDOWS\system32\cmd.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33ac67f5-df7b-11df-a654-806d6172696f}\ not found.
File D:\ASUSACPI.exe not found.
C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\.# folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 721485 bytes
->Temporary Internet Files folder emptied: 12331512 bytes
->Flash cache emptied: 56475 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Ich
->Temp folder emptied: 5514486 bytes
->Temporary Internet Files folder emptied: 833504 bytes
->Java cache emptied: 5813044 bytes
->FireFox cache emptied: 50458148 bytes
->Flash cache emptied: 57485 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2512158 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 400464 bytes
RecycleBin emptied: 13017 bytes
 
Total Files Cleaned = 75,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01302012_125218

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\577beb9a scheduled to be moved on reboot.
C:\WINDOWS\temp\68055cd moved successfully.
File move failed. C:\WINDOWS\temp\9ac821d5 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\faa62aa scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 30.01.2012 13:08

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot,
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Wurschtkopp 30.01.2012 13:17

And the next log :)

Code:

13:13:48.0453 2120        TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:13:48.0656 2120        ============================================================
13:13:48.0656 2120        Current date / time: 2012/01/30 13:13:48.0656
13:13:48.0656 2120        SystemInfo:
13:13:48.0656 2120       
13:13:48.0656 2120        OS Version: 5.1.2600 ServicePack: 3.0
13:13:48.0656 2120        Product type: Workstation
13:13:48.0656 2120        ComputerName: ICH-0112C52BCD8
13:13:48.0656 2120        UserName: Ich
13:13:48.0656 2120        Windows directory: C:\WINDOWS
13:13:48.0656 2120        System windows directory: C:\WINDOWS
13:13:48.0656 2120        Processor architecture: Intel x86
13:13:48.0656 2120        Number of processors: 1
13:13:48.0656 2120        Page size: 0x1000
13:13:48.0656 2120        Boot type: Normal boot
13:13:48.0656 2120        ============================================================
13:13:49.0125 2120        Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5EA22, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000058
13:13:49.0140 2120        Drive \Device\Harddisk1\DR1 - Size: 0x89E89C000 (34.48 Gb), SectorSize: 0x200, Cylinders: 0x1194, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:13:49.0234 2120        Initialize success
13:14:52.0484 4060        ============================================================
13:14:52.0484 4060        Scan started
13:14:52.0484 4060        Mode: Manual; SigCheck; TDLFS;
13:14:52.0484 4060        ============================================================
13:14:52.0968 4060        Abiosdsk - ok
13:14:52.0984 4060        abp480n5 - ok
13:14:53.0015 4060        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:14:53.0625 4060        ACPI - ok
13:14:53.0656 4060        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:14:53.0765 4060        ACPIEC - ok
13:14:53.0781 4060        adpu160m - ok
13:14:53.0812 4060        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:14:53.0906 4060        aec - ok
13:14:53.0921 4060        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:14:53.0968 4060        AFD - ok
13:14:53.0984 4060        Aha154x - ok
13:14:53.0984 4060        aic78u2 - ok
13:14:54.0000 4060        aic78xx - ok
13:14:54.0031 4060        AliIde - ok
13:14:54.0031 4060        amsint - ok
13:14:54.0078 4060        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:14:54.0187 4060        Arp1394 - ok
13:14:54.0187 4060        asc - ok
13:14:54.0203 4060        asc3350p - ok
13:14:54.0218 4060        asc3550 - ok
13:14:54.0250 4060        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:14:54.0375 4060        AsyncMac - ok
13:14:54.0406 4060        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:14:54.0531 4060        atapi - ok
13:14:54.0546 4060        Atdisk - ok
13:14:54.0578 4060        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:14:54.0687 4060        Atmarpc - ok
13:14:54.0718 4060        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:14:54.0828 4060        audstub - ok
13:14:54.0859 4060        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:14:54.0875 4060        AVGIDSDriver - ok
13:14:54.0906 4060        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:14:54.0906 4060        AVGIDSEH - ok
13:14:54.0921 4060        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:14:54.0937 4060        AVGIDSFilter - ok
13:14:54.0953 4060        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:14:54.0953 4060        AVGIDSShim - ok
13:14:55.0000 4060        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:14:55.0015 4060        Avgldx86 - ok
13:14:55.0015 4060        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:14:55.0031 4060        Avgmfx86 - ok
13:14:55.0062 4060        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:14:55.0062 4060        Avgrkx86 - ok
13:14:55.0093 4060        Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:14:55.0109 4060        Avgtdix - ok
13:14:55.0140 4060        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:14:55.0234 4060        Beep - ok
13:14:55.0265 4060        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:14:55.0406 4060        cbidf2k - ok
13:14:55.0406 4060        cd20xrnt - ok
13:14:55.0421 4060        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:14:55.0531 4060        Cdaudio - ok
13:14:55.0562 4060        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:14:55.0671 4060        Cdfs - ok
13:14:55.0718 4060        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:14:55.0812 4060        Cdrom - ok
13:14:55.0828 4060        Changer - ok
13:14:55.0859 4060        CmdIde - ok
13:14:55.0875 4060        Cpqarray - ok
13:14:55.0921 4060        ctac32k        (39e4d8f8e627eca4a76d9843606bae0a) C:\WINDOWS\system32\drivers\ctac32k.sys
13:14:55.0937 4060        ctac32k - ok
13:14:55.0968 4060        ctaud2k        (de80bd73c255f8fecaf271c04a022a2f) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:14:56.0000 4060        ctaud2k - ok
13:14:56.0031 4060        ctdvda2k        (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:14:56.0046 4060        ctdvda2k - ok
13:14:56.0093 4060        ctprxy2k        (a07820a06bfdbffa1d207c7778205a4d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:14:56.0093 4060        ctprxy2k - ok
13:14:56.0125 4060        ctsfm2k        (d29b3eeb5155a06b94f8d75c126a9c0c) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:14:56.0125 4060        ctsfm2k - ok
13:14:56.0140 4060        dac2w2k - ok
13:14:56.0156 4060        dac960nt - ok
13:14:56.0171 4060        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:14:56.0296 4060        Disk - ok
13:14:56.0343 4060        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:14:56.0468 4060        dmboot - ok
13:14:56.0500 4060        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:14:56.0609 4060        dmio - ok
13:14:56.0640 4060        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:14:56.0750 4060        dmload - ok
13:14:56.0781 4060        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:14:56.0890 4060        DMusic - ok
13:14:56.0906 4060        dpti2o - ok
13:14:56.0921 4060        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:14:57.0031 4060        drmkaud - ok
13:14:57.0062 4060        emupia          (39fbced3e762b85846b3da494fcd33fe) C:\WINDOWS\system32\drivers\emupia2k.sys
13:14:57.0078 4060        emupia - ok
13:14:57.0109 4060        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:14:57.0218 4060        Fastfat - ok
13:14:57.0234 4060        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:14:57.0359 4060        Fdc - ok
13:14:57.0375 4060        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:14:57.0484 4060        Fips - ok
13:14:57.0500 4060        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:14:57.0625 4060        Flpydisk - ok
13:14:57.0671 4060        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:14:57.0781 4060        FltMgr - ok
13:14:57.0796 4060        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:14:57.0921 4060        Fs_Rec - ok
13:14:57.0937 4060        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:14:58.0046 4060        Ftdisk - ok
13:14:58.0062 4060        gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:14:58.0187 4060        gameenum - ok
13:14:58.0218 4060        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:14:58.0343 4060        Gpc - ok
13:14:58.0406 4060        ha10kx2k        (848f9033ad1c2c6f7ee7e65c2daf45f1) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:14:58.0453 4060        ha10kx2k - ok
13:14:58.0484 4060        hap16v2k        (d2fe992041527ef54e438a3fc82d3b23) C:\WINDOWS\system32\drivers\hap16v2k.sys
13:14:58.0515 4060        hap16v2k - ok
13:14:58.0562 4060        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:14:58.0687 4060        HidUsb - ok
13:14:58.0703 4060        hpn - ok
13:14:58.0765 4060        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:14:58.0781 4060        HTTP - ok
13:14:58.0796 4060        i2omgmt - ok
13:14:58.0812 4060        i2omp - ok
13:14:58.0828 4060        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:14:58.0937 4060        i8042prt - ok
13:14:58.0968 4060        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:14:59.0078 4060        Imapi - ok
13:14:59.0109 4060        ini910u - ok
13:14:59.0125 4060        IntelIde - ok
13:14:59.0140 4060        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:14:59.0250 4060        Ip6Fw - ok
13:14:59.0265 4060        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:14:59.0390 4060        IpFilterDriver - ok
13:14:59.0406 4060        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:14:59.0531 4060        IpInIp - ok
13:14:59.0562 4060        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:14:59.0671 4060        IpNat - ok
13:14:59.0687 4060        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:14:59.0812 4060        IPSec - ok
13:14:59.0828 4060        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:14:59.0875 4060        IRENUM - ok
13:14:59.0890 4060        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:15:00.0000 4060        isapnp - ok
13:15:00.0031 4060        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:15:00.0140 4060        Kbdclass - ok
13:15:00.0171 4060        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:15:00.0296 4060        kmixer - ok
13:15:00.0328 4060        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:15:00.0343 4060        KSecDD - ok
13:15:00.0421 4060        Lavasoft Kernexplorer - ok
13:15:00.0437 4060        lbrtfdc - ok
13:15:00.0468 4060        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:15:00.0593 4060        mnmdd - ok
13:15:00.0609 4060        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:15:00.0718 4060        Modem - ok
13:15:00.0750 4060        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:15:00.0859 4060        Mouclass - ok
13:15:00.0890 4060        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:15:01.0000 4060        mouhid - ok
13:15:01.0015 4060        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:15:01.0125 4060        MountMgr - ok
13:15:01.0140 4060        mraid35x - ok
13:15:01.0156 4060        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:15:01.0265 4060        MRxDAV - ok
13:15:01.0296 4060        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:15:01.0312 4060        MRxSmb - ok
13:15:01.0343 4060        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:15:01.0437 4060        Msfs - ok
13:15:01.0468 4060        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:15:01.0578 4060        MSKSSRV - ok
13:15:01.0593 4060        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:15:01.0703 4060        MSPCLOCK - ok
13:15:01.0718 4060        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:15:01.0843 4060        MSPQM - ok
13:15:01.0859 4060        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:15:01.0968 4060        mssmbios - ok
13:15:02.0000 4060        ms_mpu401      (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
13:15:02.0125 4060        ms_mpu401 - ok
13:15:02.0156 4060        MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
13:15:02.0171 4060        MTsensor - ok
13:15:02.0187 4060        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:15:02.0234 4060        Mup - ok
13:15:02.0265 4060        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:15:02.0390 4060        NDIS - ok
13:15:02.0421 4060        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:15:02.0453 4060        NdisTapi - ok
13:15:02.0468 4060        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:15:02.0593 4060        Ndisuio - ok
13:15:02.0609 4060        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:15:02.0718 4060        NdisWan - ok
13:15:02.0750 4060        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:15:02.0781 4060        NDProxy - ok
13:15:02.0796 4060        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:15:02.0906 4060        NetBIOS - ok
13:15:02.0921 4060        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:15:03.0031 4060        NetBT - ok
13:15:03.0062 4060        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:15:03.0171 4060        NIC1394 - ok
13:15:03.0203 4060        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:15:03.0312 4060        Npfs - ok
13:15:03.0343 4060        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:15:03.0453 4060        Ntfs - ok
13:15:03.0500 4060        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:15:03.0625 4060        Null - ok
13:15:03.0906 4060        nv              (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:15:04.0156 4060        nv - ok
13:15:04.0187 4060        nvatabus        (c8daa008f9e390b9da504c1cd0da1ee9) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
13:15:04.0203 4060        nvatabus ( UnsignedFile.Multi.Generic ) - warning
13:15:04.0203 4060        nvatabus - detected UnsignedFile.Multi.Generic (1)
13:15:04.0250 4060        NVENETFD        (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:15:04.0250 4060        NVENETFD - ok
13:15:04.0265 4060        nvgts          (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:15:04.0281 4060        nvgts - ok
13:15:04.0312 4060        nvnetbus        (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:15:04.0328 4060        nvnetbus - ok
13:15:04.0359 4060        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:15:04.0453 4060        NwlnkFlt - ok
13:15:04.0468 4060        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:15:04.0578 4060        NwlnkFwd - ok
13:15:04.0625 4060        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:15:04.0718 4060        ohci1394 - ok
13:15:04.0750 4060        ossrv          (64631723b13cbcc153294347535844be) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:15:04.0765 4060        ossrv - ok
13:15:04.0796 4060        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:15:04.0906 4060        Parport - ok
13:15:04.0921 4060        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:15:05.0031 4060        PartMgr - ok
13:15:05.0062 4060        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:15:05.0171 4060        ParVdm - ok
13:15:05.0203 4060        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:15:05.0312 4060        PCI - ok
13:15:05.0312 4060        PCIDump - ok
13:15:05.0328 4060        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:15:05.0453 4060        PCIIde - ok
13:15:05.0484 4060        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:15:05.0593 4060        Pcmcia - ok
13:15:05.0593 4060        PDCOMP - ok
13:15:05.0609 4060        PDFRAME - ok
13:15:05.0625 4060        PDRELI - ok
13:15:05.0640 4060        PDRFRAME - ok
13:15:05.0656 4060        perc2 - ok
13:15:05.0671 4060        perc2hib - ok
13:15:05.0703 4060        PfDetNT        (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
13:15:05.0718 4060        PfDetNT - ok
13:15:05.0750 4060        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:15:05.0859 4060        PptpMiniport - ok
13:15:05.0875 4060        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:15:05.0984 4060        Processor - ok
13:15:06.0000 4060        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:15:06.0109 4060        PSched - ok
13:15:06.0140 4060        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:15:06.0281 4060        Ptilink - ok
13:15:06.0312 4060        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:15:06.0312 4060        PxHelp20 - ok
13:15:06.0328 4060        ql1080 - ok
13:15:06.0343 4060        Ql10wnt - ok
13:15:06.0359 4060        ql12160 - ok
13:15:06.0375 4060        ql1240 - ok
13:15:06.0390 4060        ql1280 - ok
13:15:06.0406 4060        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:15:06.0531 4060        RasAcd - ok
13:15:06.0546 4060        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:15:06.0656 4060        Rasl2tp - ok
13:15:06.0671 4060        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:15:06.0781 4060        RasPppoe - ok
13:15:06.0796 4060        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:15:06.0890 4060        Raspti - ok
13:15:06.0921 4060        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:15:07.0046 4060        Rdbss - ok
13:15:07.0062 4060        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:15:07.0140 4060        RDPCDD - ok
13:15:07.0187 4060        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:15:07.0203 4060        RDPWD - ok
13:15:07.0234 4060        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:15:07.0343 4060        redbook - ok
13:15:07.0390 4060        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:15:07.0437 4060        Secdrv - ok
13:15:07.0468 4060        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:15:07.0578 4060        serenum - ok
13:15:07.0609 4060        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:15:07.0703 4060        Serial - ok
13:15:07.0765 4060        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:15:07.0875 4060        Sfloppy - ok
13:15:07.0890 4060        Simbad - ok
13:15:07.0906 4060        Sparrow - ok
13:15:07.0937 4060        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:15:08.0031 4060        splitter - ok
13:15:08.0078 4060        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:15:08.0125 4060        sr - ok
13:15:08.0171 4060        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:15:08.0187 4060        Srv - ok
13:15:08.0234 4060        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:15:08.0234 4060        StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:15:08.0234 4060        StarOpen - detected UnsignedFile.Multi.Generic (1)
13:15:08.0265 4060        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:15:08.0375 4060        swenum - ok
13:15:08.0468 4060        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:15:08.0578 4060        swmidi - ok
13:15:08.0593 4060        symc810 - ok
13:15:08.0609 4060        symc8xx - ok
13:15:08.0625 4060        sym_hi - ok
13:15:08.0640 4060        sym_u3 - ok
13:15:08.0656 4060        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:15:08.0781 4060        sysaudio - ok
13:15:08.0828 4060        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:15:08.0843 4060        Tcpip - ok
13:15:08.0890 4060        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:15:09.0031 4060        TDPIPE - ok
13:15:09.0046 4060        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:15:09.0140 4060        TDTCP - ok
13:15:09.0171 4060        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:15:09.0281 4060        TermDD - ok
13:15:09.0296 4060        TosIde - ok
13:15:09.0343 4060        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:15:09.0437 4060        Udfs - ok
13:15:09.0453 4060        ultra - ok
13:15:09.0484 4060        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:15:09.0578 4060        Update - ok
13:15:09.0625 4060        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:15:09.0734 4060        usbccgp - ok
13:15:09.0781 4060        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:15:09.0890 4060        usbehci - ok
13:15:09.0906 4060        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:15:10.0000 4060        usbhub - ok
13:15:10.0015 4060        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:15:10.0140 4060        usbohci - ok
13:15:10.0156 4060        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:15:10.0265 4060        usbprint - ok
13:15:10.0281 4060        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:15:10.0375 4060        usbscan - ok
13:15:10.0406 4060        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:15:10.0515 4060        USBSTOR - ok
13:15:10.0546 4060        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:15:10.0640 4060        VgaSave - ok
13:15:10.0656 4060        ViaIde - ok
13:15:10.0671 4060        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:15:10.0781 4060        VolSnap - ok
13:15:10.0812 4060        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:15:10.0921 4060        Wanarp - ok
13:15:10.0921 4060        WDICA - ok
13:15:10.0968 4060        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:15:11.0062 4060        wdmaud - ok
13:15:11.0140 4060        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:15:11.0234 4060        WS2IFSL - ok
13:15:11.0265 4060        xcpip - ok
13:15:11.0281 4060        xpsec - ok
13:15:11.0296 4060        yjlck5l8.sys - ok
13:15:11.0375 4060        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:15:11.0421 4060        \Device\Harddisk0\DR0 - ok
13:15:11.0437 4060        MBR (0x1B8)    (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk1\DR1
13:15:11.0437 4060        \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - infected
13:15:11.0437 4060        \Device\Harddisk1\DR1 - detected Backdoor.Win32.Sinowal.knf (0)
13:15:11.0531 4060        Boot (0x1200)  (fb4d094934f7b17682ad395bfe5b8266) \Device\Harddisk0\DR0\Partition0
13:15:11.0531 4060        \Device\Harddisk0\DR0\Partition0 - ok
13:15:11.0562 4060        Boot (0x1200)  (4c273b1809c7eed5d127e27c1de43e37) \Device\Harddisk1\DR1\Partition0
13:15:11.0562 4060        \Device\Harddisk1\DR1\Partition0 - ok
13:15:11.0562 4060        ============================================================
13:15:11.0562 4060        Scan finished
13:15:11.0562 4060        ============================================================
13:15:11.0671 1220        Detected object count: 3
13:15:11.0671 1220        Actual detected object count: 3
13:15:30.0937 1220        nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:30.0937 1220        nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:30.0937 1220        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:30.0937 1220        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:30.0937 1220        \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
13:15:30.0937 1220        \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip


cosinus 30.01.2012 13:19

Quote:

13:15:30.0937 1220 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf )
Please have TDSS-Killer delete the Sinowal (and only that entry!!), then restart Windows and make a new log with this tool. Post it again enclosed in CODE tags.
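
The advice above separates one real hit (the Sinowal verdict on the MBR of \Device\Harddisk1\DR1) from the two UnsignedFile.Multi.Generic warnings that are left alone. The helper below is an added example written for this thread, not a tool from the forum or from Kaspersky: it parses the "object ( verdict ) - status" result lines of a TDSSKiller log, collapses the repeated follow-up lines into one record per object, and recommends the same split (clean the infected MBR, only verify unsigned-driver warnings). The sample log is a constructed subset of the lines posted above.

```python
"""Triage helper for Kaspersky TDSSKiller scan logs (added example, not the forum's
or Kaspersky's code). Parses the result lines, merges the repeated status lines
per object and recommends an action that mirrors the helper's advice in the thread."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Result-line shape, e.g.
#   13:15:11.0437 4060        \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - infected
# Hash/path lines ("nvatabus  (c8da...) C:\...") and "- detected X (1)" lines
# deliberately do not match, so only verdict lines are collected.
RESULT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)


@dataclass
class Detection:
    obj: str          # driver service name or raw device path
    verdict: str      # TDSSKiller verdict, e.g. Backdoor.Win32.Sinowal.knf
    statuses: list = field(default_factory=list)  # statuses in log order

    @property
    def severity(self) -> str:
        """The first status ('warning' or 'infected') is the scan verdict."""
        return self.statuses[0]

    @property
    def user_action(self) -> Optional[str]:
        """What the user chose in the prompt, if the log records it."""
        for s in self.statuses:
            if s.startswith("User select action:"):
                return s.split(":", 1)[1].strip()
        return None

    @property
    def is_mbr(self) -> bool:
        """Whole-disk device objects (\\Device\\HarddiskN\\DRN) are MBR hits."""
        return self.obj.startswith(r"\Device\Harddisk") and "Partition" not in self.obj


def parse_detections(log: str) -> list:
    """Collapse all result lines of one scan log into one record per object."""
    found = {}
    for line in log.splitlines():
        m = RESULT_RE.match(line)
        if not m:
            continue
        key = (m["obj"], m["verdict"])
        det = found.setdefault(key, Detection(m["obj"], m["verdict"]))
        det.statuses.append(m["status"])
    return list(found.values())


def triage(det: Detection) -> str:
    """Recommend an action, following the split used in the thread.

    'clean'  - confirmed infection (here the Sinowal MBR bootkit): let the
               tool cure/delete it, reboot and re-scan.
    'verify' - unsigned-file heuristics on a vendor driver are noise unless
               the hash or path is unexpected; never delete these blindly.
    'review' - anything else needs a human look.
    """
    if det.severity == "infected":
        return "clean"
    if det.verdict.startswith("UnsignedFile."):
        return "verify"
    return "review"


def triage_log(log: str) -> dict:
    """Map each detected object to its recommended action."""
    return {d.obj: triage(d) for d in parse_detections(log)}


# Constructed sample: a subset of the log lines posted in this thread.
SAMPLE_LOG = r"""
13:15:04.0187 4060        nvatabus        (c8daa008f9e390b9da504c1cd0da1ee9) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
13:15:04.0203 4060        nvatabus ( UnsignedFile.Multi.Generic ) - warning
13:15:04.0203 4060        nvatabus - detected UnsignedFile.Multi.Generic (1)
13:15:08.0234 4060        StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:15:11.0437 4060        MBR (0x1B8)    (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk1\DR1
13:15:11.0437 4060        \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - infected
13:15:11.0437 4060        \Device\Harddisk1\DR1 - detected Backdoor.Win32.Sinowal.knf (0)
13:15:30.0937 1220        nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:30.0937 1220        nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:15:30.0937 1220        \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - skipped by user
13:15:30.0937 1220        \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip
"""

if __name__ == "__main__":
    for det in parse_detections(SAMPLE_LOG):
        print(f"{triage(det):7} {det.obj} ({det.verdict}) "
              f"severity={det.severity} user={det.user_action} mbr={det.is_mbr}")
```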

Wurschtkopp 30.01.2012 13:26

Here we go:

Code:

13:24:14.0984 2956        TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:24:15.0000 2956        ============================================================
13:24:15.0000 2956        Current date / time: 2012/01/30 13:24:15.0000
13:24:15.0000 2956        SystemInfo:
13:24:15.0000 2956       
13:24:15.0000 2956        OS Version: 5.1.2600 ServicePack: 3.0
13:24:15.0000 2956        Product type: Workstation
13:24:15.0000 2956        ComputerName: ICH-0112C52BCD8
13:24:15.0000 2956        UserName: Ich
13:24:15.0000 2956        Windows directory: C:\WINDOWS
13:24:15.0000 2956        System windows directory: C:\WINDOWS
13:24:15.0000 2956        Processor architecture: Intel x86
13:24:15.0000 2956        Number of processors: 1
13:24:15.0000 2956        Page size: 0x1000
13:24:15.0000 2956        Boot type: Normal boot
13:24:15.0000 2956        ============================================================
13:24:15.0937 2956        Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5EA22, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000058
13:24:15.0937 2956        Drive \Device\Harddisk1\DR1 - Size: 0x89E89C000 (34.48 Gb), SectorSize: 0x200, Cylinders: 0x1194, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:24:16.0046 2956        Initialize success
13:24:19.0968 2312        ============================================================
13:24:19.0968 2312        Scan started
13:24:19.0968 2312        Mode: Manual; SigCheck; TDLFS;
13:24:19.0968 2312        ============================================================
13:24:20.0718 2312        Abiosdsk - ok
13:24:20.0765 2312        abp480n5 - ok
13:24:20.0875 2312        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:24:24.0312 2312        ACPI - ok
13:24:24.0531 2312        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:24:24.0781 2312        ACPIEC - ok
13:24:24.0812 2312        adpu160m - ok
13:24:24.0859 2312        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:24:25.0031 2312        aec - ok
13:24:25.0125 2312        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:24:25.0187 2312        AFD - ok
13:24:25.0234 2312        Aha154x - ok
13:24:25.0250 2312        aic78u2 - ok
13:24:25.0265 2312        aic78xx - ok
13:24:25.0312 2312        AliIde - ok
13:24:25.0343 2312        amsint - ok
13:24:25.0453 2312        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:24:25.0578 2312        Arp1394 - ok
13:24:25.0625 2312        asc - ok
13:24:25.0687 2312        asc3350p - ok
13:24:25.0750 2312        asc3550 - ok
13:24:25.0843 2312        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:24:25.0953 2312        AsyncMac - ok
13:24:26.0015 2312        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:24:26.0171 2312        atapi - ok
13:24:26.0234 2312        Atdisk - ok
13:24:26.0281 2312        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:24:26.0468 2312        Atmarpc - ok
13:24:26.0546 2312        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:24:26.0671 2312        audstub - ok
13:24:26.0734 2312        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:24:26.0750 2312        AVGIDSDriver - ok
13:24:26.0812 2312        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:24:26.0875 2312        AVGIDSEH - ok
13:24:26.0906 2312        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:24:26.0984 2312        AVGIDSFilter - ok
13:24:27.0000 2312        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:24:27.0078 2312        AVGIDSShim - ok
13:24:27.0125 2312        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:24:27.0140 2312        Avgldx86 - ok
13:24:27.0156 2312        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:24:27.0218 2312        Avgmfx86 - ok
13:24:27.0265 2312        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:24:27.0296 2312        Avgrkx86 - ok
13:24:27.0328 2312        Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:24:27.0468 2312        Avgtdix - ok
13:24:27.0500 2312        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:24:27.0828 2312        Beep - ok
13:24:27.0890 2312        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:24:28.0046 2312        cbidf2k - ok
13:24:28.0093 2312        cd20xrnt - ok
13:24:28.0125 2312        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:24:28.0265 2312        Cdaudio - ok
13:24:28.0312 2312        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:24:28.0484 2312        Cdfs - ok
13:24:28.0515 2312        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:24:28.0656 2312        Cdrom - ok
13:24:28.0703 2312        Changer - ok
13:24:28.0765 2312        CmdIde - ok
13:24:28.0812 2312        Cpqarray - ok
13:24:28.0984 2312        ctac32k        (39e4d8f8e627eca4a76d9843606bae0a) C:\WINDOWS\system32\drivers\ctac32k.sys
13:24:29.0156 2312        ctac32k - ok
13:24:29.0250 2312        ctaud2k        (de80bd73c255f8fecaf271c04a022a2f) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:24:29.0328 2312        ctaud2k - ok
13:24:29.0421 2312        ctdvda2k        (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:24:29.0484 2312        ctdvda2k - ok
13:24:29.0531 2312        ctprxy2k        (a07820a06bfdbffa1d207c7778205a4d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:24:29.0593 2312        ctprxy2k - ok
13:24:29.0656 2312        ctsfm2k        (d29b3eeb5155a06b94f8d75c126a9c0c) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:24:29.0703 2312        ctsfm2k - ok
13:24:29.0765 2312        dac2w2k - ok
13:24:29.0828 2312        dac960nt - ok
13:24:29.0921 2312        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:24:30.0062 2312        Disk - ok
13:24:30.0296 2312        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:24:30.0531 2312        dmboot - ok
13:24:30.0718 2312        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:24:30.0875 2312        dmio - ok
13:24:30.0921 2312        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:24:31.0078 2312        dmload - ok
13:24:31.0125 2312        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:24:31.0250 2312        DMusic - ok
13:24:31.0265 2312        dpti2o - ok
13:24:31.0296 2312        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:24:31.0390 2312        drmkaud - ok
13:24:31.0500 2312        emupia          (39fbced3e762b85846b3da494fcd33fe) C:\WINDOWS\system32\drivers\emupia2k.sys
13:24:31.0531 2312        emupia - ok
13:24:31.0656 2312        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:24:31.0781 2312        Fastfat - ok
13:24:31.0828 2312        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:24:31.0984 2312        Fdc - ok
13:24:32.0046 2312        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:24:32.0187 2312        Fips - ok
13:24:32.0234 2312        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:24:32.0359 2312        Flpydisk - ok
13:24:32.0406 2312        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:24:32.0546 2312        FltMgr - ok
13:24:32.0640 2312        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:24:32.0750 2312        Fs_Rec - ok
13:24:32.0781 2312        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:24:32.0921 2312        Ftdisk - ok
13:24:32.0937 2312        gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:24:33.0062 2312        gameenum - ok
13:24:33.0140 2312        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:24:33.0281 2312        Gpc - ok
13:24:33.0484 2312        ha10kx2k        (848f9033ad1c2c6f7ee7e65c2daf45f1) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:24:33.0609 2312        ha10kx2k - ok
13:24:33.0671 2312        hap16v2k        (d2fe992041527ef54e438a3fc82d3b23) C:\WINDOWS\system32\drivers\hap16v2k.sys
13:24:33.0718 2312        hap16v2k - ok
13:24:33.0781 2312        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:24:33.0906 2312        HidUsb - ok
13:24:33.0937 2312        hpn - ok
13:24:34.0000 2312        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:24:34.0078 2312        HTTP - ok
13:24:34.0093 2312        i2omgmt - ok
13:24:34.0109 2312        i2omp - ok
13:24:34.0156 2312        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:24:34.0296 2312        i8042prt - ok
13:24:34.0359 2312        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:24:34.0484 2312        Imapi - ok
13:24:34.0515 2312        ini910u - ok
13:24:34.0546 2312        IntelIde - ok
13:24:34.0593 2312        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:24:34.0734 2312        Ip6Fw - ok
13:24:34.0843 2312        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:24:34.0984 2312        IpFilterDriver - ok
13:24:35.0031 2312        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:24:35.0171 2312        IpInIp - ok
13:24:35.0203 2312        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:24:35.0343 2312        IpNat - ok
13:24:35.0421 2312        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:24:35.0562 2312        IPSec - ok
13:24:35.0625 2312        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:24:35.0687 2312        IRENUM - ok
13:24:35.0734 2312        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:24:35.0859 2312        isapnp - ok
13:24:35.0906 2312        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:24:36.0046 2312        Kbdclass - ok
13:24:36.0093 2312        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:24:36.0218 2312        kmixer - ok
13:24:36.0265 2312        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:24:36.0359 2312        KSecDD - ok
13:24:36.0421 2312        Lavasoft Kernexplorer - ok
13:24:36.0453 2312        lbrtfdc - ok
13:24:36.0531 2312        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:24:36.0640 2312        mnmdd - ok
13:24:36.0687 2312        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:24:36.0828 2312        Modem - ok
13:24:36.0875 2312        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:24:37.0015 2312        Mouclass - ok
13:24:37.0078 2312        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:24:37.0218 2312        mouhid - ok
13:24:37.0328 2312        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:24:37.0453 2312        MountMgr - ok
13:24:37.0484 2312        mraid35x - ok
13:24:37.0531 2312        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:24:37.0656 2312        MRxDAV - ok
13:24:37.0765 2312        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:24:37.0859 2312        MRxSmb - ok
13:24:37.0921 2312        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:24:38.0062 2312        Msfs - ok
13:24:38.0187 2312        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:24:38.0328 2312        MSKSSRV - ok
13:24:38.0406 2312        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:24:38.0531 2312        MSPCLOCK - ok
13:24:38.0578 2312        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:24:38.0734 2312        MSPQM - ok
13:24:38.0796 2312        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:24:38.0921 2312        mssmbios - ok
13:24:38.0953 2312        ms_mpu401      (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
13:24:39.0093 2312        ms_mpu401 - ok
13:24:39.0156 2312        MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
13:24:39.0203 2312        MTsensor - ok
13:24:39.0265 2312        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:24:39.0296 2312        Mup - ok
13:24:39.0359 2312        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:24:39.0500 2312        NDIS - ok
13:24:39.0546 2312        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:24:39.0593 2312        NdisTapi - ok
13:24:39.0671 2312        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:24:39.0812 2312        Ndisuio - ok
13:24:39.0875 2312        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:24:40.0000 2312        NdisWan - ok
13:24:40.0078 2312        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:24:40.0140 2312        NDProxy - ok
13:24:40.0187 2312        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:24:40.0328 2312        NetBIOS - ok
13:24:40.0406 2312        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:24:40.0515 2312        NetBT - ok
13:24:40.0593 2312        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:24:40.0718 2312        NIC1394 - ok
13:24:40.0781 2312        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:24:40.0890 2312        Npfs - ok
13:24:40.0984 2312        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:24:41.0171 2312        Ntfs - ok
13:24:41.0218 2312        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:24:41.0343 2312        Null - ok
13:24:42.0406 2312        nv              (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:24:44.0468 2312        nv - ok
13:24:44.0625 2312        nvatabus        (c8daa008f9e390b9da504c1cd0da1ee9) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
13:24:44.0640 2312        nvatabus ( UnsignedFile.Multi.Generic ) - warning
13:24:44.0640 2312        nvatabus - detected UnsignedFile.Multi.Generic (1)
13:24:44.0687 2312        NVENETFD        (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:24:44.0750 2312        NVENETFD - ok
13:24:44.0828 2312        nvgts          (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:24:44.0828 2312        nvgts - ok
13:24:44.0906 2312        nvnetbus        (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:24:44.0968 2312        nvnetbus - ok
13:24:45.0062 2312        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:24:45.0203 2312        NwlnkFlt - ok
13:24:45.0234 2312        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:24:45.0343 2312        NwlnkFwd - ok
13:24:45.0406 2312        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:24:45.0656 2312        ohci1394 - ok
13:24:45.0718 2312        ossrv          (64631723b13cbcc153294347535844be) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:24:45.0781 2312        ossrv - ok
13:24:45.0828 2312        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:24:46.0000 2312        Parport - ok
13:24:46.0046 2312        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:24:46.0156 2312        PartMgr - ok
13:24:46.0187 2312        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:24:46.0296 2312        ParVdm - ok
13:24:46.0328 2312        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:24:46.0437 2312        PCI - ok
13:24:46.0453 2312        PCIDump - ok
13:24:46.0484 2312        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:24:46.0593 2312        PCIIde - ok
13:24:46.0625 2312        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:24:46.0734 2312        Pcmcia - ok
13:24:46.0750 2312        PDCOMP - ok
13:24:46.0750 2312        PDFRAME - ok
13:24:46.0765 2312        PDRELI - ok
13:24:46.0781 2312        PDRFRAME - ok
13:24:46.0796 2312        perc2 - ok
13:24:46.0812 2312        perc2hib - ok
13:24:46.0875 2312        PfDetNT        (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
13:24:46.0875 2312        PfDetNT - ok
13:24:46.0906 2312        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:24:47.0015 2312        PptpMiniport - ok
13:24:47.0046 2312        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:24:47.0156 2312        Processor - ok
13:24:47.0187 2312        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:24:47.0296 2312        PSched - ok
13:24:47.0312 2312        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:24:47.0406 2312        Ptilink - ok
13:24:47.0437 2312        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:24:47.0437 2312        PxHelp20 - ok
13:24:47.0453 2312        ql1080 - ok
13:24:47.0484 2312        Ql10wnt - ok
13:24:47.0500 2312        ql12160 - ok
13:24:47.0500 2312        ql1240 - ok
13:24:47.0515 2312        ql1280 - ok
13:24:47.0546 2312        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:24:47.0671 2312        RasAcd - ok
13:24:47.0687 2312        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:24:47.0796 2312        Rasl2tp - ok
13:24:47.0812 2312        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:24:47.0906 2312        RasPppoe - ok
13:24:47.0921 2312        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:24:48.0046 2312        Raspti - ok
13:24:48.0062 2312        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:24:48.0156 2312        Rdbss - ok
13:24:48.0171 2312        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:24:48.0281 2312        RDPCDD - ok
13:24:48.0312 2312        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:24:48.0343 2312        RDPWD - ok
13:24:48.0375 2312        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:24:48.0484 2312        redbook - ok
13:24:48.0531 2312        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:24:48.0578 2312        Secdrv - ok
13:24:48.0609 2312        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:24:48.0718 2312        serenum - ok
13:24:48.0750 2312        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:24:48.0859 2312        Serial - ok
13:24:48.0890 2312        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:24:48.0984 2312        Sfloppy - ok
13:24:49.0000 2312        Simbad - ok
13:24:49.0015 2312        Sparrow - ok
13:24:49.0046 2312        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:24:49.0171 2312        splitter - ok
13:24:49.0203 2312        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:24:49.0250 2312        sr - ok
13:24:49.0281 2312        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:24:49.0343 2312        Srv - ok
13:24:49.0390 2312        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:24:49.0390 2312        StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:24:49.0390 2312        StarOpen - detected UnsignedFile.Multi.Generic (1)
13:24:49.0406 2312        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:24:49.0500 2312        swenum - ok
13:24:49.0531 2312        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:24:49.0656 2312        swmidi - ok
13:24:49.0671 2312        symc810 - ok
13:24:49.0687 2312        symc8xx - ok
13:24:49.0703 2312        sym_hi - ok
13:24:49.0718 2312        sym_u3 - ok
13:24:49.0734 2312        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:24:49.0828 2312        sysaudio - ok
13:24:49.0890 2312        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:24:49.0937 2312        Tcpip - ok
13:24:49.0953 2312        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:24:50.0046 2312        TDPIPE - ok
13:24:50.0062 2312        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:24:50.0171 2312        TDTCP - ok
13:24:50.0203 2312        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:24:50.0312 2312        TermDD - ok
13:24:50.0328 2312        TosIde - ok
13:24:50.0375 2312        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:24:50.0468 2312        Udfs - ok
13:24:50.0484 2312        ultra - ok
13:24:50.0515 2312        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:24:50.0625 2312        Update - ok
13:24:50.0656 2312        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:24:50.0765 2312        usbccgp - ok
13:24:50.0812 2312        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:24:50.0906 2312        usbehci - ok
13:24:50.0921 2312        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:24:51.0031 2312        usbhub - ok
13:24:51.0046 2312        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:24:51.0156 2312        usbohci - ok
13:24:51.0187 2312        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:24:51.0296 2312        usbprint - ok
13:24:51.0312 2312        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:24:51.0421 2312        usbscan - ok
13:24:51.0453 2312        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:24:51.0546 2312        USBSTOR - ok
13:24:51.0578 2312        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:24:51.0687 2312        VgaSave - ok
13:24:51.0687 2312        ViaIde - ok
13:24:51.0718 2312        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:24:51.0828 2312        VolSnap - ok
13:24:51.0875 2312        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:24:51.0968 2312        Wanarp - ok
13:24:51.0984 2312        WDICA - ok
13:24:52.0031 2312        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:24:52.0156 2312        wdmaud - ok
13:24:52.0234 2312        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:24:52.0328 2312        WS2IFSL - ok
13:24:52.0359 2312        xcpip - ok
13:24:52.0375 2312        xpsec - ok
13:24:52.0390 2312        yjlck5l8.sys - ok
13:24:52.0468 2312        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:24:52.0515 2312        \Device\Harddisk0\DR0 - ok
13:24:52.0546 2312        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:24:52.0671 2312        \Device\Harddisk1\DR1 - ok
13:24:52.0750 2312        Boot (0x1200)  (fb4d094934f7b17682ad395bfe5b8266) \Device\Harddisk0\DR0\Partition0
13:24:52.0750 2312        \Device\Harddisk0\DR0\Partition0 - ok
13:24:52.0750 2312        Boot (0x1200)  (4c273b1809c7eed5d127e27c1de43e37) \Device\Harddisk1\DR1\Partition0
13:24:52.0750 2312        \Device\Harddisk1\DR1\Partition0 - ok
13:24:52.0750 2312        ============================================================
13:24:52.0750 2312        Scan finished
13:24:52.0750 2312        ============================================================
13:24:52.0859 2980        Detected object count: 2
13:24:52.0859 2980        Actual detected object count: 2
13:24:56.0078 2980        nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:56.0078 2980        nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:56.0078 2980        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:56.0078 2980        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 30.01.2012 13:40

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if one of the board's Kompetenzler (designated helpers) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Wurschtkopp 30.01.2012 14:11

And here is the ComboFix log:

Combofix Logfile:
Code:

ComboFix 12-01-30.01 - Ich 30.01.2012  13:58:52.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3071.2503 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Ich\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Ich\WINDOWS
c:\windows\desktop
c:\windows\desktop\Teststs\gantt.xls
c:\windows\system32\AVSredirect.dll
c:\windows\unin0407.exe
G:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-28 bis 2012-01-30  ))))))))))))))))))))))))))))))
.
.
2012-01-30 11:52 . 2012-01-30 11:52        --------        d-----w-        C:\_OTL
2012-01-28 11:22 . 2012-01-28 11:22        --------        d-----w-        c:\programme\ESET
2012-01-26 09:43 . 2012-01-26 09:43        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-26 09:43 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-22 11:50 . 2012-01-22 11:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2012-01-22 11:45 . 2012-01-22 11:46        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-01-22 11:36 . 2012-01-22 11:36        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Simply Super Software
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Malwarebytes
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-06 10:52 . 2012-01-06 11:59        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Exodus
2012-01-06 10:50 . 2002-12-05 13:16        84992        ----a-w-        c:\windows\system32\atl70.dll
2012-01-06 10:50 . 2001-03-08 17:30        24064        ----a-w-        c:\windows\system32\msxml3a.dll
2012-01-06 10:46 . 2012-01-06 10:50        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\.purple
2012-01-04 09:22 . 2012-01-04 09:22        --------        d-----w-        c:\programme\Microsoft Silverlight
2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\programme\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 11:29 . 2011-08-25 19:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-14 05:52        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 05:23        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 05:52        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 05:52        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 05:52        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-14 05:52        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 05:53        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-14 05:52        43520        ------w-        c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 05:25        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 05:52        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 05:52        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 05:52        1288704        ----a-w-        c:\windows\system32\ole32.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Wallpaper Juggler Monitor"="g:\programme\Wallpaper Juggler\WallpaperJugglerM.exe" [2004-09-22 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Ich\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32        74752        ----a-w-        g:\programme\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programme\\SopCast\\SopCast.exe"=
"g:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"g:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"g:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.02.2011 07:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.01.2011 03:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.01.2011 05:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.02.2011 06:54 297168]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;g:\programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 04:45 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [24.10.2010 14:23 15840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.03.2011 16:17 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.02.2011 06:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.02.2011 06:53 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 yjlck5l8.sys;yjlck5l8.sys;\??\c:\windows\system32\drivers\yjlck5l8.sys --> c:\windows\system32\drivers\yjlck5l8.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
MSConfigStartUp-iTunesHelper - g:\programme\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-30 14:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1708537768-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:95,ed,15,74,f8,80,ec,6b,3e,84,02,83,2e,96,87,5f,7c,73,7f,b2,b7,
  f2,58,f5,7a,c9,58,e6,31,28,93,0d,4b,42,9e,9a,48,d8,98,30,6b,20,d6,1a,49,9d,\
"rkeysecu"=hex:9d,6e,f7,59,6d,f6,bf,21,f7,f5,28,f9,7c,7e,86,2f
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
g:\programme\Java\bin\jqs.exe
g:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\programme\AVG\AVG10\avgnsx.exe
c:\programme\AVG\AVG10\avgemcx.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-30  14:08:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-30 13:08
.
Vor Suchlauf: 6 Verzeichnis(se), 15.424.954.368 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 15.603.273.728 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F078598992F5D2C14895B6771D54F3FD

--- --- ---


One more brief note: I had disabled my antivirus program AVG for the scan but did not fully close it. Unfortunately I could not find that option.

cosinus 30.01.2012 14:15

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

File::
c:\windows\system32\drivers\xpsec.sys

Driver::
xpsec

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
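
As an added example (not ComboFix's own code and not part of this thread), a small Python triage helper that applies the reasoning behind the script above to the two ComboFix log sections it targets: it flags Windows Firewall exceptions on unusual ports and registered services whose binary is missing on disk, then renders findings in the CFScript layout used here. The sample log lines are copied from the log posted above; the port policy (remote-administration port, IANA dynamic range, generic "Services" label) is an assumption of this example, and which entries to remove stays a human decision.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the log lines from this thread that the CFScript acted on,
# plus one healthy service line (AVGIDSEH) that must not be flagged.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.02.2011 07:13 22992]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 yjlck5l8.sys;yjlck5l8.sys;\??\c:\windows\system32\drivers\yjlck5l8.sys --> c:\windows\system32\drivers\yjlck5l8.sys [?]
"""

OPEN_PORTS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                  r"\standardprofile\GloballyOpenPorts\List")
# "3389:TCP"= 3389:TCP:Remote Desktop  ->  port, protocol, label
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# R0/S3 <name>;<display name>;<image path ...>
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
# ComboFix appends "--> <path> [?]" when the registered image file does not exist.
MISSING_RE = re.compile(r"-->\s*(.+?)\s*\[\?\]$")

# Policy assumptions of this example (not ComboFix rules):
REMOTE_ADMIN_PORTS = {3389: "Remote Desktop"}  # exposed remote admin on a home PC is worth a look
DYNAMIC_PORT_START = 49152                     # IANA dynamic range: no fixed service belongs here


@dataclass
class Finding:
    kind: str    # "open-port" or "missing-binary"
    item: str    # "65533:TCP" or the service name
    detail: str


def analyze(log: str) -> list[Finding]:
    """Walk a ComboFix log and return the entries a helper would want to review."""
    findings: list[Finding] = []
    in_ports = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):                       # any registry key header
            in_ports = line == f"[{OPEN_PORTS_KEY}]"
            continue
        if in_ports:
            m = PORT_RE.match(line)
            if not m:                                  # a "." line ends the block
                in_ports = False
                continue
            port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
            item = f"{port}:{proto}"
            if port in REMOTE_ADMIN_PORTS:
                findings.append(Finding("open-port", item,
                                        f"remote administration ({label}) reachable through the firewall"))
            elif port >= DYNAMIC_PORT_START or label == "Services":
                findings.append(Finding("open-port", item,
                                        f"unusual exception labelled '{label}' on port {port}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(1), m.group(3)
            miss = MISSING_RE.search(image)
            if miss:   # orphaned entries: malware remnants or leftovers of removed software, review either way
                findings.append(Finding("missing-binary", name,
                                        f"registered driver/service points to absent file {miss.group(1)}"))
    return findings


def build_cfscript(ports: list[str], files: list[str], drivers: list[str]) -> str:
    """Render the CFScript layout used in this thread: '"name"=-' is the REGEDIT4
    syntax for deleting a value, File:: lists files to remove, Driver:: lists
    services to unregister. The caller chooses the entries after reviewing the findings."""
    sections = []
    if ports:
        sections.append("\n".join([f"[{OPEN_PORTS_KEY}]", *(f'"{p}"=-' for p in ports)]))
    if files:
        sections.append("\n".join(["File::", *files]))
    if drivers:
        sections.append("\n".join(["Driver::", *drivers]))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:15} {f.item:15} {f.detail}")
    # Mirrors the helper's own selection above (yjlck5l8.sys was deliberately left alone there).
    print(build_cfscript(["3389:TCP", "65533:TCP", "52344:TCP"],
                         [r"c:\windows\system32\drivers\xpsec.sys"], ["xpsec"]))
```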

Wurschtkopp 30.01.2012 14:48

An important question first: after the restart, "AVG Identity Protection" reported that it found the threat Tool-NirCmd in the file C:\Combofix\NIRCMDB.exe. I now have the option to move the file to quarantine or to allow it. What should I do?

Here is the log:

Combofix Logfile:
Code:

ComboFix 12-01-30.01 - Ich 30.01.2012  14:23:28.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3071.2505 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Ich\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Ich\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\xpsec.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xpsec
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-28 bis 2012-01-30  ))))))))))))))))))))))))))))))
.
.
2012-01-30 11:52 . 2012-01-30 11:52        --------        d-----w-        C:\_OTL
2012-01-28 11:22 . 2012-01-28 11:22        --------        d-----w-        c:\programme\ESET
2012-01-26 09:43 . 2012-01-26 09:43        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-26 09:43 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-22 11:50 . 2012-01-22 11:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2012-01-22 11:45 . 2012-01-22 11:46        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-01-22 11:36 . 2012-01-22 11:36        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Simply Super Software
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Malwarebytes
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-06 10:52 . 2012-01-06 11:59        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Exodus
2012-01-06 10:50 . 2002-12-05 13:16        84992        ----a-w-        c:\windows\system32\atl70.dll
2012-01-06 10:50 . 2001-03-08 17:30        24064        ----a-w-        c:\windows\system32\msxml3a.dll
2012-01-06 10:46 . 2012-01-06 10:50        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\.purple
2012-01-04 09:22 . 2012-01-04 09:22        --------        d-----w-        c:\programme\Microsoft Silverlight
2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\programme\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 11:29 . 2011-08-25 19:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-14 05:52        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 05:23        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 05:52        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 05:52        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 05:52        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-14 05:52        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 05:53        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-14 05:52        43520        ------w-        c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 05:25        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 05:52        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 05:52        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 05:52        1288704        ----a-w-        c:\windows\system32\ole32.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-30_13.04.17  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-30 13:28 . 2012-01-30 13:28        16384              c:\windows\Temp\Perflib_Perfdata_75c.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Wallpaper Juggler Monitor"="g:\programme\Wallpaper Juggler\WallpaperJugglerM.exe" [2004-09-22 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Ich\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32        74752        ----a-w-        g:\programme\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programme\\SopCast\\SopCast.exe"=
"g:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"g:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"g:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.02.2011 07:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.01.2011 03:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.01.2011 05:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.02.2011 06:54 297168]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;g:\programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 04:45 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [24.10.2010 14:23 15840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.03.2011 16:17 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.02.2011 06:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.02.2011 06:53 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 yjlck5l8.sys;yjlck5l8.sys;\??\c:\windows\system32\drivers\yjlck5l8.sys --> c:\windows\system32\drivers\yjlck5l8.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-30 14:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1708537768-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:95,ed,15,74,f8,80,ec,6b,3e,84,02,83,2e,96,87,5f,7c,73,7f,b2,b7,
  f2,58,f5,7a,c9,58,e6,31,28,93,0d,4b,42,9e,9a,48,d8,98,30,6b,20,d6,1a,49,9d,\
"rkeysecu"=hex:9d,6e,f7,59,6d,f6,bf,21,f7,f5,28,f9,7c,7e,86,2f
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
g:\programme\Java\bin\jqs.exe
g:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\programme\AVG\AVG10\avgnsx.exe
c:\programme\AVG\AVG10\avgemcx.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-30  14:32:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-30 13:32
ComboFix2.txt  2012-01-30 13:08
.
Vor Suchlauf: 10 Verzeichnis(se), 15.611.203.584 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 15.594.381.312 Bytes frei
.
- - End Of File - - 5ADB37BA2EF0CA7D939FF1D2AEC2B5D8

--- --- ---

cosinus 30.01.2012 14:59

That is a false positive! Guess why else the virus scanner has to be switched off when CF is supposed to run!


OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Wurschtkopp 30.01.2012 15:11

OK. Just to be sure: the threat TR/Crypt.XPACK.Gen in C:\Combofix\HANDLE.3XE is also a false positive? It came up right after I allowed the other file.

Sorry, but I don't want to do anything wrong now, so I'll hold off on the other logs until I know about that message.

cosinus 30.01.2012 15:39

Yes, those are false positives! When CF is working, the virus scanner must be off!

Wurschtkopp 30.01.2012 19:52

Here are the new logs:

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-30 16:12:31
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\nvgts2Port2Path0Target0Lun0 WDC_WD36 rev.31.0
Running: k0lzty9v.exe; Driver: C:\DOKUME~1\Ich\LOKALE~1\Temp\uwgdqfow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xB8391738]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xB83917DC]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xB8391878]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xB8391914]

---- Kernel code sections - GMER 1.0.15 ----

?              Combo-Fix.sys                                                                                                              Das System kann die angegebene Datei nicht finden. !
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                    section is writeable [0xB72153A0, 0x5CC259, 0xE8000020]
?              C:\ComboFix\catchme.sys                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                    fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                    AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

--- --- ---



OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:37:55 on 30.01.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AudioHQU.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\AudioHQU.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - G:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"yjlck5l8.sys" (yjlck5l8.sys) - ? - C:\WINDOWS\system32\drivers\yjlck5l8.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - G:\Programme\7-Zip\7-zip.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "Microsoft Image Composite Editor" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - G:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"CTHelper" - "Creative Technology Ltd" - CTHELPER.EXE
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SBDrvDet" - "Creative Technology Ltd" - C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
"UpdReg" - "Creative Technology Ltd." - C:\WINDOWS\UpdReg.EXE
"Wallpaper Juggler Monitor" - "Topdownloads Networks" - "G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccess" (NMSAccess) - ? - G:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

aswMBR:

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 19:39:16
-----------------------------
19:39:16.000    OS Version: Windows 5.1.2600 Service Pack 3
19:39:16.000    Number of processors: 1 586 0x2701
19:39:16.000    ComputerName: ICH-0112C52BCD8  UserName: Ich
19:39:16.265    Initialize success
19:40:14.890    AVAST engine defs: 12013000
19:40:52.062    Disk 0  \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port1Path1Target1Lun0
19:40:52.062    Disk 0 Vendor: ST320082 3.03 Size: 190781MB BusType: 3
19:40:52.062    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\nvgts2Port2Path0Target0Lun0
19:40:52.062    Disk 1 Vendor: WDC_WD36 31.0 Size: 35304MB BusType: 3
19:40:52.062    Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7ee040e
19:40:52.078    Disk 1 MBR read successfully
19:40:52.093    Disk 1 MBR scan
19:40:52.171    Disk 1 Windows XP default MBR code
19:40:52.187    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        35302 MB offset 2048
19:40:52.218    Disk 1 scanning sectors +72300544
19:40:52.281    Disk 1 scanning C:\WINDOWS\system32\drivers
19:40:57.296    Service scanning
19:40:58.171    Modules scanning
19:41:01.843    Disk 1 trace - called modules:
19:41:01.843    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
19:41:01.843    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ac64030]
19:41:01.843    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8ac0a750]
19:41:01.843    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts2Port2Path0Target0Lun0[0x8ac0a8e8]
19:41:02.078    AVAST engine scan C:\WINDOWS
19:41:04.906    AVAST engine scan C:\WINDOWS\system32
19:43:07.921    AVAST engine scan C:\WINDOWS\system32\drivers
19:43:15.328    AVAST engine scan C:\Dokumente und Einstellungen\Ich
19:45:46.031    AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:47:53.750    Scan finished successfully
19:48:54.171    Disk 1 MBR has been saved successfully to "G:\Downloads\Virus\MBR.dat"
19:48:54.187    The log file has been saved successfully to "G:\Downloads\Virus\aswMBR.txt"


cosinus 30.01.2012 22:09

Quote:

"yjlck5l8.sys" (yjlck5l8.sys) - ? - C:\WINDOWS\system32\drivers\yjlck5l8.sys (File not found)
Please disable and delete it with OSAM (delete from storage), then make a new log with OSAM afterwards.
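The helper singles out that driver entry because of three traits visible in the OSAM line itself: no publisher ("?"), the file missing from disk, and a machine-generated-looking name. The following is an added example, not code from the thread or from OSAM: it parses lines in the OSAM report layout posted in this thread and scores entries on exactly those traits, so an analyst can sort a long report before reading it; the sample lines are constructed from the posted logs and the scoring weights are the example's own choice.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the OSAM "Autorun Manager" report layout used in this
# thread; the entries mirror lines from the posted logs, including the driver
# the helper flagged. Embedded here as offline test input.
SAMPLE_OSAM_REPORT = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"yjlck5l8.sys" (yjlck5l8.sys) - ? - C:\WINDOWS\system32\drivers\yjlck5l8.sys  (File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"""

# One OSAM entry line:  "Display name" (Key) - "Publisher" | ? - target  (note)
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\} )?'           # optional CLSID prefix (shell extensions)
    r'"(?P<name>[^"]*)"'                   # display name
    r'(?: \((?P<key>[^)]*)\))?'            # service / driver key, if present
    r' - (?:"(?P<publisher>[^"]*)"|\?)'    # publisher, or "?" when OSAM found none
    r' - (?P<target>.*?)'                  # file path plus arguments (may be empty)
    r'(?:\s+\((?P<note>[^)]*)\))?$'        # trailing note such as "File not found"
)
SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')      # e.g. [Drivers]
LOCATION_RE = re.compile(r'^-----\( (?P<location>.+) \)-----$')  # registry path

VOWELS = set("aeiou")


def parse_report(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn an OSAM report into entry dicts, tagged with section and location."""
    entries: List[Dict[str, Optional[str]]] = []
    section: Optional[str] = None
    location: Optional[str] = None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("section")
        elif (m := LOCATION_RE.match(line)):
            location = m.group("location")
        elif (m := ENTRY_RE.match(line)):
            entries.append({**m.groupdict(), "section": section, "location": location})
    return entries


def looks_random(stem: str) -> bool:
    """Narrow heuristic for generated names like 'yjlck5l8': at least six
    characters mixing letters and digits, with no vowel at all. A real driver
    name with digits such as PxHelp20 keeps its vowel and is not hit."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    digits = [c for c in s if c.isdigit()]
    return bool(len(s) >= 6 and letters and digits
                and not any(c in VOWELS for c in letters))


def score_entry(entry: Dict[str, Optional[str]]) -> Tuple[int, List[str]]:
    """Score one entry; higher means more worth a second look. 'File not found'
    alone is weak evidence (XP leaves many such orphans, e.g. catchme, AppMgmt),
    so the name heuristic carries the most weight."""
    score, reasons = 0, []
    if entry["publisher"] is None:
        score, reasons = score + 1, reasons + ["no publisher / signature information"]
    if "file not found" in (entry["note"] or "").lower():
        score, reasons = score + 1, reasons + ["registered but file missing on disk"]
    stem = re.sub(r"\.(sys|dll|exe)$", "", entry["name"] or "", flags=re.IGNORECASE)
    if looks_random(stem):
        score, reasons = score + 2, reasons + ["random-looking name"]
    return score, reasons


def triage(text: str, min_score: int = 2) -> List[Dict]:
    """Return entries scoring at least min_score, highest score first."""
    flagged = []
    for entry in parse_report(text):
        score, reasons = score_entry(entry)
        if score >= min_score:
            flagged.append({**entry, "score": score, "reasons": reasons})
    flagged.sort(key=lambda e: e["score"], reverse=True)  # stable: keeps report order on ties
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_OSAM_REPORT):
        print(f'{e["score"]}  [{e["section"]}] {e["name"]} -> {e["target"]}: {", ".join(e["reasons"])}')
```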

Wurschtkopp 31.01.2012 11:17

Hello,
here is the new OSAM log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:15:38 on 31.01.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AudioHQU.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\AudioHQU.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - G:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - G:\Programme\7-Zip\7-zip.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "Microsoft Image Composite Editor" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - G:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"CTHelper" - "Creative Technology Ltd" - CTHELPER.EXE
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SBDrvDet" - "Creative Technology Ltd" - C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
"UpdReg" - "Creative Technology Ltd." - C:\WINDOWS\UpdReg.EXE
"Wallpaper Juggler Monitor" - "Topdownloads Networks" - "G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccess" (NMSAccess) - ? - G:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

cosinus 31.01.2012 12:33

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Wurschtkopp 31.01.2012 17:56

Hello,
I have now done all the scans.

Malwarebytes found something, which I deleted (as described in the instructions). SUPERAntiSpyware also found something. I haven't deleted that yet.
And ESET found the two items that were already found the first time and that I didn't need to delete. (I misclicked, though, and now they have ended up in quarantine.)

But here are the logs:

SUPERAntispyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/31/2012 at 03:14 PM

Application Version : 5.0.1142

Core Rules Database Version : 8183
Trace Rules Database Version: 5995

Scan type      : Complete Scan
Total Scan Time : 01:36:21

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 455
Memory threats detected  : 0
Registry items scanned    : 23358
Registry threats detected : 0
File items scanned        : 95000
File threats detected    : 5

Adware.Tracking Cookie
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\GMDK29QA.txt [ Cookie:administrator@atdmt.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\X356TFUV.txt [ Cookie:administrator@c.atdmt.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\GN4AD8JH.txt [ Cookie:administrator@2o7.net/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\9CPVIKQS.txt [ Cookie:administrator@interclick.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\2XYV7OFV.txt [ Cookie:administrator@fastclick.net/ ]

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.31.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ich :: ICH-0112C52BCD8 [Administrator]

31.01.2012 17:07:00
mbam-log-2012-01-31 (17-07-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280870
Laufzeit: 40 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\_restore{A5880384-B3AA-447F-90D1-11EC07673D7C}\RP246\A0081781.sys (Trojan.Agent.RKH) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=431649e9b6f012408bd5b5443eddc38c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 12:48:57
# local_time=2012-01-28 01:48:57 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 95 96524 70924879 0 0
# compatibility_mode=8192 67108863 100 0 3802 3802 0 0
# scanned=111350
# found=3
# cleaned=0
# scan_time=5023
C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\1eddb450-1b6c4d03        Java/Exploit.CVE-2011-3544.AC trojan (unable to clean)        00000000000000000000000000000000        I
G:\Downloads\cnet_gantt-chart_L_zip.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
G:\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=431649e9b6f012408bd5b5443eddc38c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-31 03:42:17
# local_time=2012-01-31 04:42:17 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777173 100 95 18872 71194406 0 0
# compatibility_mode=8192 67108863 100 0 273329 273329 0 0
# scanned=96405
# found=2
# cleaned=2
# scan_time=5096
G:\Downloads\cnet_gantt-chart_L_zip.exe        a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
G:\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C


cosinus 31.01.2012 20:55

Looks OK, only cookies were found. Those can go; you can ignore the ESET findings.
Cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Is the system back in order now, or are there any other findings or problems?

Wurschtkopp 11.02.2012 16:36

Hello,
sorry for only getting back to you now. I had so much going on over the last few days that I couldn't look after my computer as well.
I have now done another full scan with AVG, and it still shows me one message:

C:\System Volume Information\_restore{...}\RP241\A0078697.exe
Die Datei wurde von einer beschädigten digitalen Signatur signiert, die von Conduit Ltd. ausgestellt wurde.

Is that a problem?

Many thanks!

cosinus 12.02.2012 14:21

The files for restore points are stored in System Volume Information.

Disable System Restore: in the course of the infection, malware files were also saved along in the restore points. They are now all unusable, since resetting the system via a restore point would probably lead to another infection.


Copyright ©2000-2025, Trojaner-Board
