Trojaner-Board


Regression 14.03.2012 23:48

Ukash Bundespolizeivirus paysafecard (on Windows XP)
 
Good evening!
Like numerous people before me, I have just been hit by the 100€ Ukash virus too. And like the fellow from a few minutes ago, I also ended up on iLoad and, bam! here I am now ;)

I very much hope there are a few experienced Ukash killers here who can help me out :)

Thanks in advance, and here are Extras.Txt and OTL.Txt both as code blocks and as attachments; I don't know which way you prefer.


Kind regards,
Regression

Extras.Txt:

Code:

OTL Extras logfile created on: 14.03.2012 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.37.0    Folder = C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,73 Mb Total Physical Memory | 748,75 Mb Available Physical Memory | 73,21% Memory free
2,40 Gb Paging File | 2,31 Gb Available in Paging File | 96,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,90 Gb Total Space | 16,36 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 4,07 Gb Free Space | 4,63% Space Free | Partition Type: NTFS
Drive E: | 57,09 Gb Total Space | 48,85 Gb Free Space | 85,58% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 89,41 Gb Free Space | 59,99% Space Free | Partition Type: NTFS
 
Computer Name: DACHGESCHOSS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "D:\Programme\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Programme\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Bianca\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Bianca\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"D:\Programme\jAlbum\jAlbum.exe" = D:\Programme\jAlbum\jAlbum.exe:*:Enabled:jAlbum
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"F:\Network\EpsonNetSetup\ENEasyApp.exe" = F:\Network\EpsonNetSetup\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05709317-05C6-BED8-3DE2-AB2D8EEAA485}" = twhirl
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3A4FB885-E21E-48E9-9AFF-FF37D1ECB45F}" = Multimedia office keyboard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B0E58BD-1F06-4A17-80FB-7C93C5FD039B}" = Lyrics Plugin for iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6091F327-2B13-4193-A6F1-4B2271613A74}_is1" = Feed Notifier 2.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6E6F96BF-82BD-4EA7-96C9-CEF827A3B161}" = Collage Maker
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A556A5AD-2A0D-48ED-A8E8-EA524CA0D366}_is1" = LyricsFetcher v0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 10.0.650.0
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"C-Media Audio" = C-Media 3D Audio
"conduitEngine" = Conduit Engine
"Corel Applications" = Corel(R) Applications
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX310FN_TX510FN Benutzerhandbuch" = Epson Stylus Office BX310FN_TX510FN Handbuch
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"ewidoantispyware4" = ewido anti-spyware 4.0
"facemoods" = Facemoods Toolbar
"foobar2000" = foobar2000 v1.0.3
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Studio_is1" = Free Studio version 5.1.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GSview 4.9" = GSview 4.9
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"IrfanView" = IrfanView (remove only)
"iScrobbler" = iScrobbler
"LastFM_is1" = Last.fm 1.5.4.27091
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MP3 Remix for Winamp" = MP3 Remix for Winamp
"MP3 WAV Converter 2.65" = MP3 WAV Converter 2.65
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neopets" = Neopets
"NVIDIA Display Driver" = NVIDIA Display Driver
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PosteRazor_is1" = PosteRazor
"Q10" = Q10 Editor
"Screenshot Utility_is1" = Screenshot Utility version 1.0
"Simfy" = simfy
"Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.5
"ST6UNST #1" = iPodLibrary v1.2b
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TagScanner_is1" = TagScanner 5.1.597
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VLC media player 1.1.8
"Wallpaper Changer_is1" = Wallpaper Changer (Remove only)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.02.2012 05:22:37 | Computer Name = DACHGESCHOSS | Source = .NET Runtime | ID = 1026
Description = Application: SciLors GrooveDownloader.vshost.exe Framework Version:
 v4.0.30319 Description: The process was terminated due to an unhandled exception.
Exception
 Info: System.IO.FileNotFoundException Stack:    at Microsoft.VisualStudio.HostingProcess.EntryPoint.Main()

 
Error - 22.02.2012 12:58:57 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung finepixviewer.exe, Version 5.5.3.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 22.02.2012 13:02:33 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung finepixviewer.exe, Version 5.5.3.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 26.02.2012 16:55:46 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.1.33, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 28.02.2012 06:22:23 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul npswf32.dll, Version 11.0.1.152, Fehleradresse 0x001ac714.
 
Error - 01.03.2012 04:14:29 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.5.3.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 01.03.2012 12:09:24 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung gimp-2.6.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.03.2012 04:32:04 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.1.3133, fehlgeschlagenes
 Modul dsp_pacemaker.dll, Version 1.3.2.0, Fehleradresse 0x00006f53.
 
Error - 08.03.2012 15:44:06 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul npswf32.dll, Version 11.0.1.152, Fehleradresse 0x001ac714.
 
Error - 10.03.2012 04:07:35 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iTunes.exe, Version 10.6.0.40, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Machine
 Debug Manager.
 
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 14.03.2012 17:36:03 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 14.03.2012 17:36:03 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 14.03.2012 18:02:17 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  ewido anti-spyware 4.0 driver  Fips  intelppm
 
Error - 14.03.2012 18:02:34 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 14.03.2012 18:19:13 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 14.03.2012 18:20:20 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >

And OTL.Txt:

Code:

OTL logfile created on: 14.03.2012 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.37.0    Folder = C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,73 Mb Total Physical Memory | 748,75 Mb Available Physical Memory | 73,21% Memory free
2,40 Gb Paging File | 2,31 Gb Available in Paging File | 96,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,90 Gb Total Space | 16,36 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 4,07 Gb Free Space | 4,63% Space Free | Partition Type: NTFS
Drive E: | 57,09 Gb Total Space | 48,85 Gb Free Space | 85,58% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 89,41 Gb Free Space | 59,99% Space Free | Partition Type: NTFS
 
Computer Name: DACHGESCHOSS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.14 23:20:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe
PRC - [2011.06.15 20:56:45 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.15 20:56:44 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.15 20:56:53 | 000,271,856 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.15 20:56:44 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.01.13 02:00:00 | 000,156,160 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2011.01.13 02:00:00 | 000,125,440 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006.06.16 15:38:44 | 000,172,032 | ---- | M] (Anti-Malware Development a.s.) [Auto | Stopped] -- C:\Programme\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2010.06.09 20:56:48 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.06.16 15:38:54 | 000,003,968 | ---- | M] () [Kernel | System | Stopped] -- C:\Programme\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver)
DRV - [2004.08.03 23:38:56 | 000,327,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.03.08 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
 
[2012.02.12 15:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.14 09:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.26 11:52:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.13 10:58:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010.03.16 10:55:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 10:55:22 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.07 16:54:59 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.03.16 10:55:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 10:55:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 10:55:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.18 20:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FUFAXSTM] C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wallpaper]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ExifLauncher2.lnk = D:\Programme\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Mozilla Thunderbird (2).lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Multimedia office keyboard.lnk = C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271189193484 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D613512D-69CA-4093-BFAD-DEB17341F5EE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\WowCtl2.dll (EzTools Software)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.03 19:58:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS -  File not found
 
MsConfig - StartUpReg: Firefox - hkey= - key= - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.14 23:20:22 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe
[2012.03.14 23:19:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Eigene Dateien
[2012.03.14 23:12:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Adobe
[2012.03.14 23:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen\Anwendungsdaten\Chromium
[2012.03.14 23:02:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\IETldCache
[2012.03.14 23:02:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012.03.14 23:02:11 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Microsoft
[2012.03.14 23:02:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\SendTo
[2012.03.14 23:02:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten
[2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Zubehör
[2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü
[2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Autostart
[2012.03.14 23:02:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Cookies
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Vorlagen
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Recent
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Netzwerkumgebung
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Druckumgebung
[2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Macromedia
[2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Favoriten
[2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
[2012.03.08 21:18:19 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.03.08 20:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.14 23:20:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe
[2012.03.14 23:02:33 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.03.14 23:01:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.14 21:05:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2012.03.11 12:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Datenträgerbereinigung.job
[2012.03.09 12:30:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.08 21:19:05 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.03.08 20:21:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.14 23:02:12 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Remoteunterstützung.lnk
[2012.03.08 21:19:05 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.09.15 21:44:01 | 000,470,309 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1957994488-1417001333-839522115-1003-0.dat
[2011.09.04 23:14:21 | 000,378,634 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.04.07 14:55:32 | 020,586,196 | ---- | C] () -- C:\Programme\vlc-1.1.8-win32.exe
[2011.03.04 11:55:17 | 000,103,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.03.02 16:18:21 | 000,000,197 | ---- | C] () -- C:\WINDOWS\Assimil_d_fi.INI
[2011.03.02 16:18:08 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.12.28 16:06:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2TXT.DAT
[2010.10.13 22:34:55 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.09.26 16:28:12 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010.09.26 16:28:12 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010.08.10 22:55:12 | 000,240,768 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.29 16:47:25 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.06.27 13:06:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2010.06.14 17:51:24 | 000,001,528 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.18 21:08:33 | 001,133,418 | ---- | C] () -- C:\Programme\abcaudio_setup.exe
[2010.04.22 22:25:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010.04.22 07:45:17 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.21 19:20:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.04.21 19:20:26 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.04.21 19:20:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.04.21 19:20:26 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.04.21 19:20:25 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.04.21 19:20:25 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.04.21 19:20:25 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.04.21 19:20:25 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.04.21 19:20:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.04.21 19:20:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.04.21 19:20:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.04.21 19:20:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.04.21 19:20:23 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.04.21 19:20:23 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.04.21 19:20:23 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.04.21 19:20:23 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.04.21 19:20:22 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.04.21 19:20:22 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.04.21 19:20:22 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.04.13 20:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010.04.13 20:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
 
========== LOP Check ==========
 
[2010.04.13 20:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2010.06.11 22:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2012.01.04 20:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.12.26 00:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2010.10.06 17:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.09.25 22:34:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3 Remix
[2010.07.05 21:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PferdeHof
[2010.03.11 11:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\The Journal
[2010.04.21 20:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011.03.21 14:20:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.11.28 20:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.11 20:53:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.12.26 14:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.03.14 23:02:33 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012.03.11 12:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Datenträgerbereinigung.job
[2012.03.14 21:05:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.03.08 21:19:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.03.14 23:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.06.12 11:15:22 | 000,000,000 | ---D | M] -- C:\Eigene Dateien
[2010.03.05 17:14:41 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.08.31 09:28:27 | 000,000,000 | ---D | M] -- C:\My Music
[2011.03.10 20:46:33 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.03.08 21:18:19 | 000,000,000 | ---D | M] -- C:\Programme
[2010.06.12 12:46:43 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.05.15 07:14:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.11 08:14:56 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2004.07.31 15:17:04 | 001,133,418 | ---- | M] () -- C:\Programme\abcaudio_setup.exe
[2011.04.07 14:56:03 | 020,586,196 | ---- | M] () -- C:\Programme\vlc-1.1.8-win32.exe
[2008.08.09 18:08:22 | 000,177,152 | ---- | M] () -- C:\Programme\WaveGain.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2004.03.29 06:45:36 | 000,073,600 | R--- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.03.03 20:43:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.03.03 20:43:31 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.03.03 20:43:31 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.03.14 23:19:21 | 000,786,432 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\NTUSER.DAT
[2012.03.14 23:20:22 | 000,397,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\NTUSER.DAT.LOG
[2012.03.14 23:02:13 | 000,000,020 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.12.31 15:03:39 | 001,855,104 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >


Chris4You 15.03.2012 08:50

Hi,

is the OTL log from the infected account?

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

:Commands
[emptytemp]
[Reboot]

  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via:
http://filepony.de/download-chameleon/
Then update the signature files ("Updates" tab -> "Check for updates")
Run a full scan and let it clean everything! Post the log.

chris

Regression 15.03.2012 09:49

First of all, many thanks for your quick and competent help :daumenhoc

Yes, I made the OTL log in safe mode (the one with networking) from the affected account (which is also the administrator). Otherwise there is only one other account, which I created years ago and have never used since.

So I carried out your first instruction: after I clicked Run Fixes and it took a while, I walked away from the PC. When I came back I saw the message that OTL needed a restart, which I agreed to. The computer then booted up properly in normal mode, and after I gave OTL my permission with 'Run', the following txt file opened, titled "03152012_0856212 .

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\ deleted successfully.
C:\Programme\Internet Explorer\iexplore.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 413019 bytes
 
User: Administrator.DACHGESCHOSS
->Temporary Internet Files folder emptied: 32768 bytes
 
User: Administrator.DACHGESCHOSS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 276283 bytes
 
User: Administrator.DACHGESCHOSS.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57912 bytes
 
User: All Users
 
User: Bianca
->Temp folder emptied: 3215058772 bytes
->Temporary Internet Files folder emptied: 1542288127 bytes
->Java cache emptied: 53642820 bytes
->FireFox cache emptied: 315258845 bytes
->Flash cache emptied: 292974 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Gast
 
User: Hilfeassistent
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154200457 bytes
 
User: SUPPORT_388945a0
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1335785 bytes
%systemroot%\System32 .tmp files removed: 5558695 bytes
%systemroot%\System32\dllcache .tmp files removed: 1180672 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53139073 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.095,00 mb
 
 
OTL by OldTimer - Version 3.2.37.0 log created on 03152012_085621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

(Oddly, I can't attach the file here as an attachment; I hope this works too?)

Is this now the same as the results window you mentioned? If not, you may have to explain to me how I can still get to it, since nothing else opened on my side :/


And Malwarebytes is busy working right now; as soon as it's finished, I'll add the results here.

Regards

Chris4You 15.03.2012 10:16

Hi,

that's the right log...

chris

Regression 15.03.2012 16:46

Here is the log, as promised:

Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bianca :: DACHGESCHOSS [administrator]

Protection: Enabled

15.03.2012 09:34:19
mbam-log-2012-03-15 (16-37-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375867
Time elapsed: 2 hour(s), 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKCU\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.RansomP.Gen) -> Data: C:\DOKUME~1\Bianca\LOKALE~1\Temp\mor.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Dokumente und Einstellungen\file.exe (Heuristics.Shuriken) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\SoftonicDownloader_for_collage-maker.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\lyricsfetcher.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken.
G:\Sicherung\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken.
G:\Sicherung\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken.
G:\Sicherung\Downloads\SoftonicDownloader_for_collage-maker.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
G:\Sicherung 15.5.2011\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken.
G:\Sicherung 15.5.2011\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken.

(end)

So was my virus already among them, or is this going to be a longer story? :D
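
Two findings in this thread are worth turning into a repeatable check: the IFEO "Debugger" entries from the OTL fix (the O27 lines, which make every launch of chrome.exe, navigator.exe, opera.exe or safari.exe run the program named as Debugger instead), and the HKCU Run value Malwarebytes reported that starts mor.exe from a Temp directory. The script below is an added example, not code from the thread, from OTL or from Malwarebytes: it parses those two log line formats, flags any IFEO Debugger that is not a known debugger and any Run value that launches from a temp directory. The KNOWN_DEBUGGERS allow-list and the extra windbg.exe line in the sample input are assumptions/constructed input. One caveat the OTL fix log above illustrates: it records "C:\Programme\Internet Explorer\iexplore.exe moved successfully", i.e. the legitimate binary the hijack pointed at was moved as well. The hijack lives in the registry value, so a remediation should delete the Debugger value (or the IFEO\<image> key) and leave the named program alone.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Debuggers that legitimately show up as an IFEO "Debugger" value.
# Assumption for this example; extend it for your own environment.
KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe", "drwtsn32.exe"}

# OTL "O27" line:  O27 - HKLM IFEO\<image>: Debugger - <path> (<vendor>)
O27_RE = re.compile(
    r"^O27 - (?P<hive>HKLM|HKCU) IFEO\\(?P<image>[^:]+): Debugger - "
    r"(?P<debugger>.+?)(?: \((?P<vendor>[^)]*)\))?$"
)
# Malwarebytes "Registry Values Detected" line for a Run value:
#   <key>\Run|<name> (<detection>) -> Data: <command> -> <action>
RUN_RE = re.compile(
    r"^(?P<key>HK(?:LM|CU)\\.*?\\Run)\|(?P<name>\S+) \((?P<detection>[^)]+)\) "
    r"-> Data: (?P<data>.+?) -> "
)


@dataclass
class Finding:
    kind: str      # "IFEO" or "Run"
    location: str  # hijacked image name, or the Run value
    target: str    # what actually gets executed
    reason: str


def _exe_name(command: str) -> str:
    """Bare executable name from a command line such as 'C:\\x\\ntsd.exe -d'."""
    return command.strip().strip('"').split("\\")[-1].split(" ")[0].lower()


def ifeo_finding(image: str, debugger: str) -> Optional[Finding]:
    """An IFEO Debugger value replaces the image with the named program.
    Anything that is not a real debugger is a hijack. Remediation is to
    delete the Debugger value (or the IFEO\\<image> key), not the program
    it names: in the thread above that program is the legitimate iexplore.exe."""
    exe = _exe_name(debugger)
    if exe in KNOWN_DEBUGGERS:
        return None
    return Finding("IFEO", image, debugger,
                   f"launching {image} silently runs {exe} instead")


def run_finding(value: str, command: str) -> Optional[Finding]:
    """Installed software does not persist from a temp directory."""
    path = command.lower()
    if "\\temp\\" in path or "\\tmp\\" in path:
        return Finding("Run", value, command, "autostart from a temp directory")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run both checks over log lines in OTL / Malwarebytes format."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        m = O27_RE.match(line)
        if m:
            f = ifeo_finding(m["image"], m["debugger"])
        else:
            m = RUN_RE.match(line)
            f = run_finding(f"{m['key']}|{m['name']}", m["data"]) if m else None
        if f:
            findings.append(f)
    return findings


# Sample input: the four O27 lines and the Run value from the logs above, plus
# one constructed O27 line pointing at windbg.exe to show what is NOT flagged.
SAMPLE_LINES = [
    r"O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)",
    r"O27 - HKLM IFEO\notepad.exe: Debugger - C:\Programme\Debugging Tools for Windows\windbg.exe (Microsoft Corporation)",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.RansomP.Gen) -> Data: C:\DOKUME~1\Bianca\LOKALE~1\Temp\mor.exe -> No action taken.",
]

if __name__ == "__main__":
    # On a live machine the raw IFEO data comes from:
    #   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s /v Debugger
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.location} -> {f.target}: {f.reason}")
```

Run as-is it prints four IFEO findings and one Run finding; the windbg.exe line is accepted because it names a real debugger. Feed it the output of the `reg query` command in the comment (after reshaping the lines) or any OTL/MBAM log to reuse the same logic.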

Chris4You 15.03.2012 20:32

Hi,

oh, there were a few others in there too...

Have MAM delete everything it found!

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
You'll find the download link at the top left (GMER - Rootkit Detector and Remover); there click
the "Download EXE" button. A random name is generated (please note it and the path where you saved it).
Start gmer and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it's finished, choose Copy and paste the report. If GMER crashes, please try in safe mode (F8 while booting)!

MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

chris

Regression 15.03.2012 21:25

Gmer:
First I tried scanning in normal mode. That didn't work; I immediately got a blue screen telling me it was shutting down to protect the PC, or something like that. Same thing on the second attempt.

Then I tried it in safe mode. Here the scan also seemed to start and some entries appeared in the list on the left, but then it suddenly stopped going any further. The file currently being scanned at the bottom no longer changed, and no matter where I clicked on the screen, nothing happened except a Windows "ping" sound, and I had no choice but to switch it off :rolleyes:

Should I maybe scan again and write down the files listed up to the point where it hangs? I don't know whether that would help; otherwise you may have a tip on how to make it work after all.

MBR-Check

Everything worked, here's the log:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Professional
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x0000007d

Kernel Drivers (total 121):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x806EF000 \WINDOWS\system32\hal.dll
  0xF7D63000 \WINDOWS\system32\KDCOM.DLL
  0xF7C73000 \WINDOWS\system32\BOOTVID.dll
  0xF7813000 ACPI.sys
  0xF7D65000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF7802000 pci.sys
  0xF7863000 isapnp.sys
  0xF7873000 ohci1394.sys
  0xF7883000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
  0xF7E2B000 pciide.sys
  0xF7AE3000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF7D67000 viaide.sys
  0xF7893000 MountMgr.sys
  0xF77E3000 ftdisk.sys
  0xF7D69000 dmload.sys
  0xF77BD000 dmio.sys
  0xF7AEB000 PartMgr.sys
  0xF78A3000 VolSnap.sys
  0xF77A5000 atapi.sys
  0xF7793000 viamraid.sys
  0xF777B000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
  0xF78B3000 disk.sys
  0xF78C3000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF775B000 fltmgr.sys
  0xF7749000 sr.sys
  0xF78D3000 Lbd.sys
  0xF78E3000 PxHelp20.sys
  0xF7732000 KSecDD.sys
  0xF76A5000 Ntfs.sys
  0xF7678000 NDIS.sys
  0xF7AF3000 viaagp1.sys
  0xF765E000 Mup.sys
  0xF6A86000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xF5E92000 \SystemRoot\system32\DRIVERS\ati2mtaa.sys
  0xF5E7E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7C2B000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xF5E5A000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF7C33000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF6A76000 \SystemRoot\System32\DRIVERS\nic1394.sys
  0xF6A66000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xF6A26000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xF5E37000 \SystemRoot\System32\DRIVERS\ks.sys
  0xF7C3B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF7C43000 \SystemRoot\System32\DRIVERS\fdc.sys
  0xF5E23000 \SystemRoot\System32\DRIVERS\parport.sys
  0xF7CFB000 \SystemRoot\System32\DRIVERS\gameenum.sys
  0xF6A56000 \SystemRoot\System32\DRIVERS\i8042prt.sys
  0xF7C4B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF6A46000 \SystemRoot\System32\DRIVERS\serial.sys
  0xF7CFF000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xF5D5C000 \SystemRoot\system32\drivers\cmuda.sys
  0xF5D38000 \SystemRoot\system32\drivers\portcls.sys
  0xF6A36000 \SystemRoot\system32\drivers\drmk.sys
  0xF6A16000 \SystemRoot\System32\DRIVERS\fetnd5b.sys
  0xF7F4D000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xF6A06000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xF7D03000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xF5D21000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xF7A43000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xF7A53000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF7C53000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xF5D10000 \SystemRoot\System32\DRIVERS\psched.sys
  0xF7A63000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF7C5B000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF7C63000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xF5CE0000 \SystemRoot\System32\DRIVERS\rdpdr.sys
  0xF7A73000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF7C6B000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF7DA9000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xF5C17000 \SystemRoot\System32\DRIVERS\update.sys
  0xF6420000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xF7A93000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF5F12000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF7DAF000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xF7BD3000 \SystemRoot\System32\DRIVERS\flpydisk.sys
  0xF7DED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7F3D000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7DEF000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7C13000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7C0B000 \SystemRoot\System32\drivers\vga.sys
  0xF7DF1000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7DF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7BAB000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7BB3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7616000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xF04A0000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xF0447000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xF041F000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xF03FD000 \SystemRoot\System32\drivers\afd.sys
  0xF79F3000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xF03D2000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xF033A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xF247F000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF0314000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xF246F000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xF245F000 \SystemRoot\System32\DRIVERS\arp1394.sys
  0xF7F6E000 \??\C:\Programme\ewido anti-spyware 4.0\guard.sys
  0xF7D17000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF243F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF15FA000 \SystemRoot\System32\DRIVERS\mouhid.sys
  0xB3493000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB3765000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0xB25BA000 \SystemRoot\System32\Drivers\dump_viamraid.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB363E000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB3585000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7E37000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\ati2dvaa.dll
  0xBF06F000 \SystemRoot\System32\ATMFD.DLL
  0xF7626000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0xEE264000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xB2555000 \SystemRoot\system32\drivers\wdmaud.sys
  0xED8E0000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB22F8000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xF7D9F000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB2160000 \SystemRoot\System32\DRIVERS\srv.sys
  0xB1C47000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB1E70000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 55):
      0 System Idle Process
      4 System
    664 C:\WINDOWS\system32\smss.exe
    724 csrss.exe
    748 C:\WINDOWS\system32\winlogon.exe
    792 C:\WINDOWS\system32\services.exe
    804 C:\WINDOWS\system32\lsass.exe
    960 C:\WINDOWS\system32\svchost.exe
    1080 svchost.exe
    1176 C:\WINDOWS\system32\svchost.exe
    1236 svchost.exe
    1364 svchost.exe
    1576 C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
    1648 C:\WINDOWS\explorer.exe
    1728 C:\WINDOWS\system32\spoolsv.exe
    1968 C:\WINDOWS\system32\rundll32.exe
    1980 C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
    1988 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    1996 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2004 C:\Programme\DivX\DivX Update\DivXUpdate.exe
    2012 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
    180 C:\Programme\iTunes\iTunesHelper.exe
    196 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
    216 C:\WINDOWS\system32\ctfmon.exe
    288 D:\Programme\QuickDCF2.exe
    296 C:\Programme\Mozilla Thunderbird\thunderbird.exe
    308 C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe
    324 D:\Programme\Feed Notifier\notifier.exe
    1012 svchost.exe
    1132 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1204 C:\Programme\Bonjour\mDNSResponder.exe
    1476 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    1544 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    1768 C:\Programme\ewido anti-spyware 4.0\guard.exe
    1592 C:\Programme\Java\jre6\bin\jqs.exe
    652 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
    1252 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
    500 C:\WINDOWS\system32\svchost.exe
    2296 C:\WINDOWS\system32\wuauclt.exe
    2512 C:\Programme\iPod\bin\iPodService.exe
    2548 unsecapp.exe
    3112 wmiprvse.exe
    3156 C:\WINDOWS\system32\wscntfy.exe
    3392 alg.exe
    3576 D:\Programme\SRWare Iron\iron.exe
    2992 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    1860 D:\Programme\SRWare Iron\iron.exe
    3408 D:\Programme\SRWare Iron\iron.exe
    3492 D:\Programme\SRWare Iron\iron.exe
    3508 D:\Programme\SRWare Iron\iron.exe
    3512 D:\Programme\SRWare Iron\iron.exe
    3708 C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
    3028 D:\Programme\SRWare Iron\iron.exe
    2388 D:\Programme\SRWare Iron\iron.exe
    4072 C:\Dokumente und Einstellungen\Bianca\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`f94d2200  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002b`f299c600  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3250318AS, Rev: CC38
PhysicalDrive1 Model Number: ST3160021AS, Rev: 3.05

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    149 GB  \\.\PhysicalDrive1  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!


Chris4You 15.03.2012 21:44

Hi,

then let's have a look with OSAM and TDSS-Killer:

OSAM
Checks the programs/drivers that get started, online.
Follow the instructions here http://www.trojaner-board.de/84180-a...n-manager.html to create a log and post it here in your thread.

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it via Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan (Start Scan).
When the scan is finished, select "Report" (skip any findings for now with Skip). A window opens; copy the text and post it here...

chris

Regression 15.03.2012 22:08

Well, this time both worked right away!
OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:57:47 on 15.03.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: SRWare SRWare Iron 10.0.650.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Epson Printer Software Downloader.job" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPAPDL\E_SAPDL2.EXE
"Ad-Aware Update (Weekly).job" - "Lavasoft                                                              " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ewido anti-spyware 4.0 driver" (ewido anti-spyware 4.0 driver) - ? - C:\Programme\ewido anti-spyware 4.0\guard.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NTSIM" (NTSIM) - "VIA Networking Technologies, Inc.      " - C:\WINDOWS\System32\ntsim.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} "EzTools Wow2 Memory Map Asyncronous Pluggable Protocol Class" - "EzTools Software" - C:\WINDOWS\system32\WowCtl2.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "CShellExecuteHookImpl Object" - "Anti-Malware Development a.s." - C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Winamp Toolbar" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -  (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} "facemoods Toolbar" - "facemoods.com" - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{64182481-4F71-486b-A045-B233BD0DA8FC} "CescrtHlpr Object" - "facemoods.com BHO" - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"ExifLauncher2.lnk" - "FUJIFILM Corporation" - D:\Programme\QuickDCF2.exe  (Shortcut exists | File exists)
"Mozilla Thunderbird (2).lnk" - "Mozilla Messaging" - C:\Programme\Mozilla Thunderbird\thunderbird.exe  (Shortcut exists | File exists)
"Multimedia office keyboard.lnk" - ? - C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Bianca\Startmenü\Programme\Autostart\desktop.ini
"Feed Notifier.lnk" - ? - D:\Programme\Feed Notifier\notifier.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
"facemoods" - "facemoods.com" - "C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
"FUFAXSTM" - "SEIKO EPSON CORPORATION" - "C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\enppmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"ewido anti-spyware 4.0 guard" (ewido anti-spyware 4.0 guard) - "Anti-Malware Development a.s." - C:\Programme\ewido anti-spyware 4.0\guard.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And TDSS-Killer

Code:

22:03:02.0437 2900        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
22:03:02.0609 2900        ============================================================
22:03:02.0609 2900        Current date / time: 2012/03/15 22:03:02.0609
22:03:02.0609 2900        SystemInfo:
22:03:02.0609 2900       
22:03:02.0609 2900        OS Version: 5.1.2600 ServicePack: 3.0
22:03:02.0609 2900        Product type: Workstation
22:03:02.0609 2900        ComputerName: DACHGESCHOSS
22:03:02.0609 2900        UserName: Bianca
22:03:02.0609 2900        Windows directory: C:\WINDOWS
22:03:02.0609 2900        System windows directory: C:\WINDOWS
22:03:02.0609 2900        Processor architecture: Intel x86
22:03:02.0609 2900        Number of processors: 1
22:03:02.0609 2900        Page size: 0x1000
22:03:02.0609 2900        Boot type: Normal boot
22:03:02.0609 2900        ============================================================
22:03:03.0500 2900        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:03:03.0515 2900        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:03:03.0515 2900        \Device\Harddisk0\DR0:
22:03:03.0515 2900        MBR used
22:03:03.0515 2900        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFCA613
22:03:03.0531 2900        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFCA691, BlocksNum 0xAFCA613
22:03:03.0546 2900        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15F94CE3, BlocksNum 0x722B9DD
22:03:03.0546 2900        \Device\Harddisk1\DR1:
22:03:03.0546 2900        MBR used
22:03:03.0546 2900        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
22:03:03.0656 2900        Initialize success
22:03:03.0656 2900        ============================================================
22:03:47.0718 3420        ============================================================
22:03:47.0718 3420        Scan started
22:03:47.0718 3420        Mode: Manual; SigCheck; TDLFS;
22:03:47.0718 3420        ============================================================
22:03:47.0906 3420        Abiosdsk - ok
22:03:47.0953 3420        abp480n5 - ok
22:03:48.0000 3420        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:03:48.0296 3420        ACPI - ok
22:03:48.0375 3420        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:03:48.0531 3420        ACPIEC - ok
22:03:48.0578 3420        adpu160m - ok
22:03:48.0625 3420        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:03:48.0796 3420        aec - ok
22:03:48.0875 3420        AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:03:48.0906 3420        AFD - ok
22:03:48.0953 3420        Aha154x - ok
22:03:49.0000 3420        aic78u2 - ok
22:03:49.0046 3420        aic78xx - ok
22:03:49.0109 3420        AliIde - ok
22:03:49.0140 3420        amsint - ok
22:03:49.0218 3420        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:03:49.0390 3420        Arp1394 - ok
22:03:49.0421 3420        asc - ok
22:03:49.0468 3420        asc3350p - ok
22:03:49.0515 3420        asc3550 - ok
22:03:49.0609 3420        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:03:49.0765 3420        AsyncMac - ok
22:03:49.0812 3420        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:03:49.0984 3420        atapi - ok
22:03:50.0015 3420        Atdisk - ok
22:03:50.0093 3420        ati2mtaa        (effa0596bb3097f5dcb80096d0355b01) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
22:03:50.0281 3420        ati2mtaa - ok
22:03:50.0359 3420        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:03:50.0531 3420        Atmarpc - ok
22:03:50.0609 3420        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:03:50.0781 3420        audstub - ok
22:03:50.0828 3420        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:03:50.0984 3420        Beep - ok
22:03:51.0046 3420        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:03:51.0218 3420        cbidf2k - ok
22:03:51.0281 3420        cd20xrnt - ok
22:03:51.0328 3420        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:03:51.0515 3420        Cdaudio - ok
22:03:51.0546 3420        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:03:51.0765 3420        Cdfs - ok
22:03:51.0843 3420        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:03:52.0031 3420        Cdrom - ok
22:03:52.0062 3420        Changer - ok
22:03:52.0125 3420        CmdIde - ok
22:03:52.0218 3420        cmuda          (ddcde8ced6e753f9ebbd07659f808d9d) C:\WINDOWS\system32\drivers\cmuda.sys
22:03:52.0281 3420        cmuda - ok
22:03:52.0390 3420        Cpqarray - ok
22:03:52.0437 3420        dac2w2k - ok
22:03:52.0468 3420        dac960nt - ok
22:03:52.0546 3420        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:03:52.0734 3420        Disk - ok
22:03:52.0828 3420        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:03:53.0046 3420        dmboot - ok
22:03:53.0109 3420        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:03:53.0296 3420        dmio - ok
22:03:53.0343 3420        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:03:53.0515 3420        dmload - ok
22:03:53.0562 3420        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:03:53.0765 3420        DMusic - ok
22:03:53.0812 3420        dpti2o - ok
22:03:53.0859 3420        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:03:54.0046 3420        drmkaud - ok
22:03:54.0156 3420        ewido anti-spyware 4.0 driver (9b6b54865bd0ec9ed2532dad89554969) C:\Programme\ewido anti-spyware 4.0\guard.sys
22:03:54.0171 3420        ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - warning
22:03:54.0171 3420        ewido anti-spyware 4.0 driver - detected UnsignedFile.Multi.Generic (1)
22:03:54.0265 3420        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:03:54.0453 3420        Fastfat - ok
22:03:54.0531 3420        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:03:54.0703 3420        Fdc - ok
22:03:54.0750 3420        FETNDIS        (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
22:03:54.0921 3420        FETNDIS - ok
22:03:55.0000 3420        FETNDISB        (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
22:03:55.0031 3420        FETNDISB - ok
22:03:55.0093 3420        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:03:55.0265 3420        Fips - ok
22:03:55.0296 3420        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:03:55.0484 3420        Flpydisk - ok
22:03:55.0546 3420        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:03:55.0718 3420        FltMgr - ok
22:03:55.0765 3420        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:03:55.0937 3420        Fs_Rec - ok
22:03:55.0968 3420        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:03:56.0156 3420        Ftdisk - ok
22:03:56.0234 3420        gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:03:56.0406 3420        gameenum - ok
22:03:56.0437 3420        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:03:56.0453 3420        GEARAspiWDM - ok
22:03:56.0468 3420        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:03:56.0640 3420        Gpc - ok
22:03:56.0718 3420        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:03:56.0875 3420        HidUsb - ok
22:03:56.0906 3420        hpn - ok
22:03:56.0968 3420        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:03:56.0984 3420        HTTP - ok
22:03:57.0031 3420        i2omgmt - ok
22:03:57.0062 3420        i2omp - ok
22:03:57.0109 3420        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:03:57.0296 3420        i8042prt - ok
22:03:57.0359 3420        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:03:57.0515 3420        Imapi - ok
22:03:57.0546 3420        ini910u - ok
22:03:57.0593 3420        IntelIde - ok
22:03:57.0640 3420        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:03:57.0796 3420        intelppm - ok
22:03:57.0859 3420        ip6fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:03:58.0015 3420        ip6fw - ok
22:03:58.0093 3420        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:03:58.0265 3420        IpFilterDriver - ok
22:03:58.0312 3420        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:03:58.0468 3420        IpInIp - ok
22:03:58.0515 3420        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:03:58.0687 3420        IpNat - ok
22:03:58.0765 3420        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:03:58.0921 3420        IPSec - ok
22:03:59.0000 3420        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:03:59.0093 3420        IRENUM - ok
22:03:59.0156 3420        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:03:59.0328 3420        isapnp - ok
22:03:59.0390 3420        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:03:59.0562 3420        Kbdclass - ok
22:03:59.0593 3420        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:03:59.0750 3420        kbdhid - ok
22:03:59.0796 3420        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:03:59.0968 3420        kmixer - ok
22:04:00.0015 3420        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:04:00.0046 3420        KSecDD - ok
22:04:00.0156 3420        Lbd            (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
22:04:00.0671 3420        Lbd - ok
22:04:00.0703 3420        lbrtfdc - ok
22:04:00.0796 3420        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:04:00.0812 3420        MBAMProtector - ok
22:04:00.0875 3420        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:04:01.0046 3420        mnmdd - ok
22:04:01.0093 3420        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:04:01.0234 3420        Modem - ok
22:04:01.0265 3420        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:04:01.0421 3420        Mouclass - ok
22:04:01.0484 3420        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:04:01.0625 3420        mouhid - ok
22:04:01.0671 3420        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:04:01.0843 3420        MountMgr - ok
22:04:01.0890 3420        mraid35x - ok
22:04:01.0906 3420        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:04:02.0062 3420        MRxDAV - ok
22:04:02.0125 3420        MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:04:02.0171 3420        MRxSmb - ok
22:04:02.0250 3420        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:04:02.0406 3420        Msfs - ok
22:04:02.0437 3420        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:04:02.0593 3420        MSKSSRV - ok
22:04:02.0656 3420        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:04:02.0796 3420        MSPCLOCK - ok
22:04:02.0828 3420        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:04:02.0968 3420        MSPQM - ok
22:04:03.0031 3420        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:04:03.0187 3420        mssmbios - ok
22:04:03.0218 3420        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:04:03.0343 3420        Mup - ok
22:04:03.0390 3420        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:04:03.0546 3420        NDIS - ok
22:04:03.0609 3420        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:04:03.0765 3420        NdisTapi - ok
22:04:03.0796 3420        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:04:03.0968 3420        Ndisuio - ok
22:04:04.0031 3420        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:04:04.0187 3420        NdisWan - ok
22:04:04.0234 3420        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:04:04.0265 3420        NDProxy - ok
22:04:04.0328 3420        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:04:04.0484 3420        NetBIOS - ok
22:04:04.0562 3420        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:04:04.0718 3420        NetBT - ok
22:04:04.0828 3420        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:04:04.0984 3420        NIC1394 - ok
22:04:05.0031 3420        nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
22:04:05.0156 3420        nm - ok
22:04:05.0203 3420        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:04:05.0359 3420        Npfs - ok
22:04:05.0437 3420        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:04:05.0593 3420        Ntfs - ok
22:04:05.0671 3420        NTSIM          (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\System32\ntsim.sys
22:04:05.0703 3420        NTSIM ( UnsignedFile.Multi.Generic ) - warning
22:04:05.0703 3420        NTSIM - detected UnsignedFile.Multi.Generic (1)
22:04:05.0781 3420        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:04:05.0921 3420        Null - ok
22:04:06.0000 3420        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:04:06.0218 3420        nv - ok
22:04:06.0296 3420        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:04:06.0437 3420        NwlnkFlt - ok
22:04:06.0484 3420        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:04:06.0625 3420        NwlnkFwd - ok
22:04:06.0671 3420        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:04:06.0812 3420        ohci1394 - ok
22:04:06.0859 3420        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:04:07.0000 3420        Parport - ok
22:04:07.0046 3420        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:04:07.0187 3420        PartMgr - ok
22:04:07.0250 3420        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:04:07.0406 3420        ParVdm - ok
22:04:07.0453 3420        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:04:07.0593 3420        PCI - ok
22:04:07.0625 3420        PCIDump - ok
22:04:07.0687 3420        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:04:07.0828 3420        PCIIde - ok
22:04:07.0890 3420        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:04:08.0015 3420        Pcmcia - ok
22:04:08.0062 3420        PDCOMP - ok
22:04:08.0093 3420        PDFRAME - ok
22:04:08.0140 3420        PDRELI - ok
22:04:08.0187 3420        PDRFRAME - ok
22:04:08.0218 3420        perc2 - ok
22:04:08.0250 3420        perc2hib - ok
22:04:08.0375 3420        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:04:08.0500 3420        PptpMiniport - ok
22:04:08.0562 3420        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
22:04:08.0703 3420        Processor - ok
22:04:08.0750 3420        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:04:08.0875 3420        PSched - ok
22:04:08.0937 3420        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:04:09.0078 3420        Ptilink - ok
22:04:09.0125 3420        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:04:09.0125 3420        PxHelp20 - ok
22:04:09.0156 3420        ql1080 - ok
22:04:09.0187 3420        Ql10wnt - ok
22:04:09.0218 3420        ql12160 - ok
22:04:09.0265 3420        ql1240 - ok
22:04:09.0312 3420        ql1280 - ok
22:04:09.0343 3420        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:04:09.0500 3420        RasAcd - ok
22:04:09.0546 3420        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:04:09.0671 3420        Rasl2tp - ok
22:04:09.0703 3420        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:04:09.0843 3420        RasPppoe - ok
22:04:09.0875 3420        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:04:10.0031 3420        Raspti - ok
22:04:10.0078 3420        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:04:10.0218 3420        Rdbss - ok
22:04:10.0281 3420        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:04:10.0421 3420        RDPCDD - ok
22:04:10.0484 3420        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:04:10.0625 3420        rdpdr - ok
22:04:10.0703 3420        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:04:10.0843 3420        RDPWD - ok
22:04:10.0921 3420        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:04:11.0078 3420        redbook - ok
22:04:11.0187 3420        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:04:11.0281 3420        Secdrv - ok
22:04:11.0375 3420        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:04:11.0515 3420        serenum - ok
22:04:11.0546 3420        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:04:11.0671 3420        Serial - ok
22:04:11.0750 3420        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:04:11.0906 3420        Sfloppy - ok
22:04:11.0953 3420        Simbad - ok
22:04:12.0000 3420        Sparrow - ok
22:04:12.0062 3420        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:04:12.0187 3420        splitter - ok
22:04:12.0250 3420        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:04:12.0312 3420        sr - ok
22:04:12.0359 3420        Srv            (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
22:04:12.0375 3420        Srv - ok
22:04:12.0406 3420        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:04:12.0593 3420        swenum - ok
22:04:12.0640 3420        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:04:12.0765 3420        swmidi - ok
22:04:12.0796 3420        symc810 - ok
22:04:12.0828 3420        symc8xx - ok
22:04:12.0859 3420        sym_hi - ok
22:04:12.0875 3420        sym_u3 - ok
22:04:12.0921 3420        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:04:13.0046 3420        sysaudio - ok
22:04:13.0125 3420        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:04:13.0156 3420        Tcpip - ok
22:04:13.0218 3420        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:04:13.0359 3420        TDPIPE - ok
22:04:13.0390 3420        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:04:13.0515 3420        TDTCP - ok
22:04:13.0546 3420        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:04:13.0687 3420        TermDD - ok
22:04:13.0734 3420        TosIde - ok
22:04:13.0812 3420        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:04:13.0937 3420        Udfs - ok
22:04:13.0953 3420        ultra - ok
22:04:14.0031 3420        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:04:14.0187 3420        Update - ok
22:04:14.0265 3420        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:04:14.0281 3420        USBAAPL - ok
22:04:14.0328 3420        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:04:14.0453 3420        usbccgp - ok
22:04:14.0500 3420        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:04:14.0640 3420        usbehci - ok
22:04:14.0687 3420        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:04:14.0812 3420        usbhub - ok
22:04:14.0859 3420        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:04:14.0984 3420        usbscan - ok
22:04:15.0031 3420        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:04:15.0171 3420        USBSTOR - ok
22:04:15.0234 3420        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:04:15.0359 3420        usbuhci - ok
22:04:15.0375 3420        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:04:15.0515 3420        VgaSave - ok
22:04:15.0562 3420        viaagp1        (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
22:04:15.0562 3420        viaagp1 - ok
22:04:15.0609 3420        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:04:15.0734 3420        ViaIde - ok
22:04:15.0812 3420        viamraid        (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys
22:04:15.0828 3420        viamraid - ok
22:04:15.0875 3420        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:04:16.0015 3420        VolSnap - ok
22:04:16.0062 3420        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:04:16.0203 3420        Wanarp - ok
22:04:16.0218 3420        WDICA - ok
22:04:16.0265 3420        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:04:16.0406 3420        wdmaud - ok
22:04:16.0546 3420        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:04:16.0562 3420        WpdUsb - ok
22:04:16.0718 3420        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:04:16.0734 3420        WudfPf - ok
22:04:16.0921 3420        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:04:16.0937 3420        WudfRd - ok
22:04:17.0000 3420        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:04:17.0421 3420        \Device\Harddisk0\DR0 - ok
22:04:17.0453 3420        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
22:04:17.0828 3420        \Device\Harddisk1\DR1 ( TDSS File System ) - warning
22:04:17.0828 3420        \Device\Harddisk1\DR1 - detected TDSS File System (1)
22:04:17.0843 3420        Boot (0x1200)  (ac914bb143ad6195b31bb51f6b8a4c5d) \Device\Harddisk0\DR0\Partition0
22:04:17.0843 3420        \Device\Harddisk0\DR0\Partition0 - ok
22:04:17.0875 3420        Boot (0x1200)  (1f13dbf02700bbd348a65aef6cccd0a3) \Device\Harddisk0\DR0\Partition1
22:04:17.0875 3420        \Device\Harddisk0\DR0\Partition1 - ok
22:04:17.0906 3420        Boot (0x1200)  (f83c9920f2930d51cd81779d588e4a4b) \Device\Harddisk0\DR0\Partition2
22:04:17.0906 3420        \Device\Harddisk0\DR0\Partition2 - ok
22:04:17.0953 3420        Boot (0x1200)  (36d824b6768512f27198b260dcc71354) \Device\Harddisk1\DR1\Partition0
22:04:17.0953 3420        \Device\Harddisk1\DR1\Partition0 - ok
22:04:17.0953 3420        ============================================================
22:04:17.0953 3420        Scan finished
22:04:17.0953 3420        ============================================================
22:04:18.0093 1832        Detected object count: 3
22:04:18.0093 1832        Actual detected object count: 3
22:04:44.0890 1832        ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:44.0890 1832        ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:44.0890 1832        NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:44.0890 1832        NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:44.0906 1832        \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
22:04:44.0906 1832        \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

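An added example, not part of the posted log and not TDSSKiller's own code: a small Python triage of TDSSKiller log lines in the format shown above. It keys every hash record by (kind, md5) so hashes shared across devices stand out, and pairs each `warning`/`detected` line with any later `skipped by user` line for the same object. The sample is an excerpt copied from the log above; the record layout the regexes assume is inferred from those lines, not documented by the tool on this page. Two things it surfaces: the `TDSS File System` detection on \Device\Harddisk1\DR1 was detected and then skipped, so this run changed nothing on that disk; and the two `UnsignedFile.Multi.Generic` entries are heuristic flags on unsigned drivers, not confirmed malware. On the identical MBR hashes: the 0x1B8 in the record is read here (editor's interpretation) as the hashed length, i.e. the 440-byte bootstrap code area that precedes the disk signature and partition table, so two disks prepared by the same Windows version normally hash identical; the shared hash on its own is not what to act on, the warning line is.

```python
"""Triage of TDSSKiller log lines (added example, not the thread's own code).

Assumptions, not documented on this page: the record layout is
  HH:MM:SS.mmmm  PID  <name>  (<md5>)  <path>                  for hash records,
  HH:MM:SS.mmmm  PID  <object> [( <detail> )] - <verdict>      for verdicts,
and the number in "MBR (0x1B8)" is read as the hashed length, i.e. the
440-byte bootstrap code area (editor's interpretation).
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the log posted in the thread.
SAMPLE = r"""
22:04:13.0125 3420        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:04:13.0156 3420        Tcpip - ok
22:04:17.0000 3420        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:04:17.0421 3420        \Device\Harddisk0\DR0 - ok
22:04:17.0453 3420        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
22:04:17.0828 3420        \Device\Harddisk1\DR1 ( TDSS File System ) - warning
22:04:17.0828 3420        \Device\Harddisk1\DR1 - detected TDSS File System (1)
22:04:17.0843 3420        Boot (0x1200)  (ac914bb143ad6195b31bb51f6b8a4c5d) \Device\Harddisk0\DR0\Partition0
22:04:17.0843 3420        \Device\Harddisk0\DR0\Partition0 - ok
22:04:18.0093 1832        Detected object count: 3
22:04:44.0890 1832        ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:44.0890 1832        ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:04:44.0890 1832        NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:44.0906 1832        \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
"""

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>"; <name> may itself contain parentheses, e.g. "MBR (0x1B8)".
HASH_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<object> [( <detail> )] - <verdict>"
VERDICT_RE = re.compile(
    _PREFIX
    + r"(?P<obj>.+?)(?:\s+\(\s*(?P<detail>[^)]*?)\s*\))?\s+-\s+"
    + r"(?P<verdict>ok|warning|detected .+|skipped by user|User select action: .+)$"
)


def triage(text):
    """Return shared MBR hashes, detections, user-skipped objects, the
    intersection (detected but skipped, i.e. still present after the run)
    and objects that only carry an UnsignedFile.* heuristic detail."""
    by_hash = defaultdict(list)   # (kind, md5) -> devices/paths carrying that hash
    verdicts = []                 # (object, detail, verdict)
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            by_hash[(m["name"], m["md5"])].append(m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append((m["obj"], m["detail"], m["verdict"]))

    shared_mbr = {
        md5: paths
        for (kind, md5), paths in by_hash.items()
        if kind.startswith("MBR") and len(paths) > 1
    }
    detected = {o for o, _, v in verdicts if v == "warning" or v.startswith("detected")}
    skipped = {o for o, _, v in verdicts if v == "skipped by user"}
    heuristic = {o for o, d, _ in verdicts if d and d.startswith("UnsignedFile.")}
    return {
        "shared_mbr": shared_mbr,
        "detected": sorted(detected),
        "skipped": sorted(skipped),
        "unresolved": sorted(detected & skipped),
        "heuristic_only": sorted(heuristic - detected),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the excerpt, `unresolved` contains only \Device\Harddisk1\DR1 and `heuristic_only` the two unsigned drivers; that split is what a helper would want before deciding between ComboFix, CureIt or a second TDSSKiller run with "Cure" selected.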

Chris4You 15.03.2012 22:25

Hi,

hmm....

How many partitions do you have on hard disk 1 and hard disk 2, respectively?

ComboFix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Caution: In a few rare cases the computer can no longer boot afterwards and has to be set up from scratch!

Close all windows, start combofix.exe and confirm the prompt that follows with 1 and press Enter.

The ComboFix scan can take some time, so be patient. Do not do anything on the computer while the scan runs.
The computer may be restarted in between.
When the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...

chris

Regression 15.03.2012 22:49

I'm not entirely sure I understood what you meant by the partitioning.
So I have 3 hard disks (C, D, E) plus one more (G, with backups). As far as I can see, though, none of the 4 is subdivided any further.

I'll do the ComboFix part tomorrow when I have time, and probably back up my stuff again beforehand, given what I read about the risk involved.
I'll get back to you then :)

Chris4You 15.03.2012 22:59

Hi,

what makes me a bit suspicious are the two active MBRs.... and the Killer's message about the TDSS file system...

Do you get redirects in Google? That would be typical of TDSS...

Normally nothing happens with CF, but I have had one case so far where CF and the malware got into such a fight that Windows was wrecked...

Alternatively:
(Less dangerous, but it runs for about 5-7 hours, so install it now and let it run overnight):
CureIt
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan finishes you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, over about 5 MB of text. Just search for "infiziert" (infected) and copy out the relevant parts before you post them.

chris

Regression 16.03.2012 09:06

If by redirects you mean that I end up somewhere completely different when I click on a search result, then no. I don't use search that often, so I just quickly tested it with a few search terms. It works exactly as it always has.
EDIT: Or could these redirects be browser-dependent? I use SRWare Iron (Chromium). Otherwise I also have FF and IE, if such redirects are more likely to show up there.

OK, so if you think CureIt works just as effectively, I'd like to try that first (even if I've now slept through the night I was supposed to let it run :D). If nothing comes out of it, I can surely still do ComboFix afterwards.

Chris4You 16.03.2012 12:09

Hi,

TDSS intercepts all internet traffic, so it doesn't matter which browser...

Let CureIt loose, CF later if need be...

chris

Regression 16.03.2012 21:14

So here is the result:

Code:

facemoodssrv.exe;c:\programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.3;Moved.;
DriverScanner.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Adware.Downware.21;Moved.;
WebInstaller.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Trojan.DownLoader5.52228;Incurable.Moved.;
uninstall.exe;C:\Programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.2;Moved.;
A0136753.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;BackDoor.Bebloh.2;Deleted.;
A0149628.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.3;Moved.;
A0149629.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.2;Moved.;
DriverScanner.exe;G:\Sicherung 16.2.2012\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;G:\Sicherung 16.2.2012\Downloads;Adware.Downware.21;Moved.;
WebInstaller.exe;G:\Sicherung 16.2.2012\Downloads;Trojan.DownLoader5.52228;Incurable.Moved.;
A0136754.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Deleted.;
A0136755.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Deleted.;
A0136756.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Deleted.;
A0136757.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Deleted.;
A0136758.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Deleted.;
A0143065.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143137.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Moved.;
A0143473.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143550.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Moved.;
A0143580.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Incurable.Moved.;
A0149630.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Moved.;
A0149631.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Incurable.Moved.;

Hope the result is usable and helps

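An added example, not from the thread and not Dr.Web's code: a Python parser for CureIt records of the kind posted above, one finding per line, semicolon-separated as file;directory;threat;action; with a trailing semicolon (that layout, and the reading of an empty action field as "reported, no action taken", are assumptions inferred from the posted lines). The sample reproduces the posted records with the German action strings the localised CureIt build writes (Verschoben = moved to quarantine, Gelöscht = deleted, Nicht desinfizierbar = incurable); the parser accepts the English equivalents as well. What the summary shows for this log: 15 of the 23 hits are copies inside restore points RP598/RP599 under System Volume Information, i.e. old snapshots rather than live files; the backup drive G: carries the same Downloads folder as C:, so the backup the poster meant to refresh before ComboFix already contains the same downloader samples; four items were quarantined as incurable; and the four Program.Uniblue.7 entries have an empty action field, so CureIt listed them but left them in place.

```python
"""Summary of a Dr.Web CureIt log excerpt (added example, not the thread's code).

Assumed record layout (inferred from the posted lines, not documented here):
    <file>;<directory>;<threat name>;<action>;
Action strings come from the localised CureIt build that wrote the log:
"Verschoben." = moved to quarantine, "Gelöscht." = deleted,
"Nicht desinfizierbar." = incurable; an empty field is read as "no action".
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample: the 23 records posted in the thread, reproduced verbatim.
SAMPLE_LOG = r"""
facemoodssrv.exe;c:\programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.3;Verschoben.;
DriverScanner.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Adware.Downware.21;Verschoben.;
WebInstaller.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
uninstall.exe;C:\Programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.2;Verschoben.;
A0136753.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;BackDoor.Bebloh.2;Gelöscht.;
A0149628.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.3;Verschoben.;
A0149629.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.2;Verschoben.;
DriverScanner.exe;G:\Sicherung 16.2.2012\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;G:\Sicherung 16.2.2012\Downloads;Adware.Downware.21;Verschoben.;
WebInstaller.exe;G:\Sicherung 16.2.2012\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
A0136754.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136755.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136756.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136757.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136758.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0143065.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143137.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0143473.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143550.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0143580.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
A0149630.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0149631.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
"""

# German (localised build) and English action words, normalised to one vocabulary.
ACTION_WORDS = {
    "verschoben": "quarantined", "moved": "quarantined",
    "gelöscht": "deleted", "deleted": "deleted",
    "nicht desinfizierbar": "incurable", "incurable": "incurable",
}
# Directory of a System Restore snapshot: ...\System Volume Information\_restore{GUID}\RPnnn
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+$")


@dataclass(frozen=True)
class Finding:
    file: str
    directory: str
    threat: str
    actions: tuple  # normalised, e.g. ("incurable", "quarantined"); () = no action

    @property
    def drive(self) -> str:
        return self.directory[0].upper()

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_POINT_RE.search(self.directory) is not None


def parse_action(raw: str) -> tuple:
    """'Nicht desinfizierbar.Verschoben.' -> ('incurable', 'quarantined')."""
    tokens = [t.strip().lower() for t in raw.split(".") if t.strip()]
    return tuple(ACTION_WORDS.get(t, t) for t in tokens)


def parse_cureit(text: str) -> list:
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(";")
        if len(parts) < 4:
            raise ValueError(f"malformed CureIt record: {line!r}")
        findings.append(Finding(parts[0], parts[1], parts[2], parse_action(parts[3])))
    return findings


def summarise(findings: list) -> dict:
    full = lambda f: f"{f.directory}\\{f.file}"
    return {
        "total": len(findings),
        "by_drive": dict(Counter(f.drive for f in findings)),
        "restore_point_copies": sum(f.in_restore_point for f in findings),
        "threats": dict(Counter(f.threat for f in findings)),
        "incurable": sorted(full(f) for f in findings if "incurable" in f.actions),
        "no_action": sorted(full(f) for f in findings if not f.actions),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_cureit(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The `no_action` and `incurable` lists are the two a helper reads first: the former is what the scanner deliberately left alone, the latter is what it could only quarantine, not clean.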

All times are UTC+1.

Copyright ©2000-2025, Trojaner-Board

