Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Are my log files OK (after the Malware.Trace cleanup)? (https://www.trojaner-board.de/117405-logfiles-malware-trace-bereinigung-ok.html)

Miori 15.06.2012 20:02

Are my log files OK (after the Malware.Trace cleanup)?
 
Hello and good evening,

After a full scan of my PC, Malwarebytes Anti-Malware found Malware.Trace, namely in:

C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\avdrn.dat
I cleaned it up as suggested, and now it is in quarantine. I also don't know whether I should, or can, delete it...

After that I had Malwarebytes Anti-Malware run another full scan, and no further detections were reported.

Then I created the log files. Would you please take a look at them and tell me whether everything is OK with them?

I have Windows XP, SP 3, 32-bit I think.

I hope I did all of this correctly.

Thanks in advance.



Code:

OTL Extras logfile created on: 15.06.2012 18:14:36 - Run 1
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 63,95% Memory free
3,81 Gb Paging File | 3,28 Gb Available in Paging File | 86,19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 101,08 Gb Free Space | 67,82% Space Free | Partition Type: NTFS
 
Computer Name: xxxx | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe"
https [open] -- "C:\Programme\Opera\opera.exe"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads\FLVPlayer_Setup.exe" = C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads\FLVPlayer_Setup.exe:*:Enabled:Flash FLV Player -- ()
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series" = Canon MX350 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46442b17-da23-4466-ac4a-9afc5da9393f}" = Nero 9 Essentials
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8287D31D-78FF-4EDA-BB26-A29459E8DA97}" = Nokia Software Launcher
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E94E18-54D6-42C1-8FC4-24DACEDC3395}" = Nokia NSeries System Utilities
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier
"{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Canon MX350 series Benutzerregistrierung" = Canon MX350 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
"FreePDF_XP" = FreePDF XP (Remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ROM Papyrus Autor" = Papyrus Autor 3.52
"sm-un1.u32" = SoftMaker Office 2008 (C:\Programme\SoftMaker Office 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2012 17:28:34 | Computer Name = xxxx | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 16.05.2012 17:28:34 | Computer Name = xxxx | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 17.05.2012 16:23:39 | Computer Name = xxxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung YahooMessenger.exe, Version 11.0.0.2014, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.05.2012 16:23:40 | Computer Name = xxxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung YahooMessenger.exe, Version 11.0.0.2014, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.05.2012 16:23:40 | Computer Name = xxxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung YahooMessenger.exe, Version 11.0.0.2014, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.05.2012 16:23:40 | Computer Name = xxxx | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung YahooMessenger.exe, Version 11.0.0.2014, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.05.2012 16:24:31 | Computer Name = xxxx | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -1714560907.
 
Error - 17.05.2012 16:24:42 | Computer Name = xxxx | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -1714560907.
 
Error - 17.05.2012 16:24:52 | Computer Name = xxxx | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -1714560907.
 
Error - 17.05.2012 16:24:53 | Computer Name = xxxx | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -1714560907.
 
[ System Events ]
Error - 11.05.2012 13:26:17 | Computer Name = xxxx | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.125.1581.0    Aktualisierungsquelle:
%%859    Aktualisierungsphase: %%854    Quellpfad: hxxp://www.microsoft.com    Signaturtyp:
%%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8304.0    Fehlercode: 0x80240016    Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 11.05.2012 13:26:17 | Computer Name = xxxx | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.125.1581.0    Aktualisierungsquelle:
%%859    Aktualisierungsphase: %%854    Quellpfad: hxxp://www.microsoft.com    Signaturtyp:
%%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8304.0    Fehlercode: 0x80240016    Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 11.05.2012 13:26:17 | Computer Name = xxxx | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.125.1581.0    Aktualisierungsquelle:
%%859    Aktualisierungsphase: %%853    Quellpfad: hxxp://www.microsoft.com    Signaturtyp:
%%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8304.0    Fehlercode: 0x80240016    Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 08.06.2012 13:18:20 | Computer Name = xxxx | Source = Print | ID = 6161
Description = Das Dokument C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Eigene
 Bilder\Kinder,hundi,scotty\skot4.psd, im Besitz von xxxx, konnte nicht auf dem
 Drucker Canon MX350 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe
 der Warteschlangendatei in Bytes: 12648448. Anzahl der gedruckten Bytes: 12560332.
 Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 1. Clientcomputer:
 \\xxxx. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 259 (0x103).
 
Error - 14.06.2012 14:23:14 | Computer Name = xxxx | Source = Print | ID = 6161
Description = Das Dokument Unbenannt 1, im Besitz von xxxx, konnte nicht auf
dem Drucker Canon MX350 series Printer gedruckt werden. Datentyp: NT EMF 1.008.
Größe der Warteschlangendatei in Bytes: 262144. Anzahl der gedruckten Bytes: 125840.
 Gesamtanzahl der Seiten des Dokuments: 9. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\xxxx. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 13 (0xd).
 
Error - 15.06.2012 11:41:11 | Computer Name = xxxx | Source = DCOM | ID = 10010
Description = Der Server "{C2BFE331-6739-4270-86C9-493D9A04CD38}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >

Code:

OTL logfile created on: 15.06.2012 18:14:36 - Run 1
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 63,95% Memory free
3,81 Gb Paging File | 3,28 Gb Available in Paging File | 86,19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 101,08 Gb Free Space | 67,82% Space Free | Partition Type: NTFS
 
Computer Name:xxxx | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Tablet\Wacom\libxml2.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (Hotkey) -- C:\WINDOWS\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-rog
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.20 00:07:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.20 00:08:58 | 000,000,000 | ---D | M]
 
[2010.02.04 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Extensions
[2012.04.30 20:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions
[2012.04.02 11:06:18 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com
[2012.05.18 20:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\b7wtnd0y.Standard-Benutzer\extensions
[2012.05.18 20:25:38 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\b7wtnd0y.Standard-Benutzer\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.03.13 15:49:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\b7wtnd0y.Standard-Benutzer\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.02.04 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions
[2010.02.04 16:23:44 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.02.04 17:12:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.30 20:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.30 20:16:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.20 21:01:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.21 18:59:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.21 18:59:37 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.21 18:59:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.21 18:59:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.21 18:59:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.21 18:59:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.18 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\WButton.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261781556123 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261781517232 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0DDA801-E584-45EB-82C5-31AF39ECB647}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.22 21:41:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell - "" = AutoRun
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell - "" = AutoRun
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.15 03:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\viren u ä
[2012.06.14 23:36:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Malwarebytes
[2012.06.14 23:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.14 23:36:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.14 23:36:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.14 23:36:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.12 20:04:30 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.06.09 00:03:59 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxxx\Recent
[2012.05.20 00:08:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.05.20 00:08:21 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.05.20 00:08:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2012.05.16 23:14:13 | 002,002,416 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxxx\Desktop\HousecallLauncher.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.15 14:58:37 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.06.15 14:48:56 | 000,013,708 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.15 14:48:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.14 23:41:35 | 000,054,651 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Hundefutter.tmd
[2012.06.14 23:36:35 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.13 19:52:50 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 00:25:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.12 19:59:31 | 000,320,696 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.12 19:59:31 | 000,315,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.12 19:59:31 | 000,049,484 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.12 19:59:31 | 000,041,150 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.10 15:30:27 | 000,052,881 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2012.06.09 23:38:34 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.09 23:05:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.05.31 19:18:47 | 000,000,032 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\.simfy
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.24 23:08:01 | 002,020,524 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\20052012387.jpg
[2012.05.24 23:07:47 | 002,142,095 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\20052012385.jpg
[2012.05.24 23:01:38 | 002,024,271 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\17052012377.jpg
[2012.05.20 00:23:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.05.20 00:08:48 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.05.17 13:35:17 | 000,232,382 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.05.17 13:35:16 | 000,175,184 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.05.17 01:28:32 | 000,000,450 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2012.05.17 01:26:07 | 000,022,032 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2012.05.16 23:14:51 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.05.16 23:14:16 | 002,002,416 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\xxxx\Desktop\HousecallLauncher.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 23:41:35 | 000,054,651 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Hundefutter.tmd
[2012.06.14 23:36:35 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.13 00:24:39 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.05.31 19:18:47 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\.simfy
[2012.05.24 23:07:59 | 002,020,524 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\20052012387.jpg
[2012.05.24 23:07:44 | 002,142,095 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\20052012385.jpg
[2012.05.24 23:01:34 | 002,024,271 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\17052012377.jpg
[2012.05.20 00:08:48 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.05.17 01:28:32 | 000,000,450 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2012.05.17 01:26:07 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012.05.16 23:33:31 | 000,232,382 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.05.16 23:33:27 | 000,175,184 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.05.16 23:14:51 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.02.16 13:27:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.09 18:46:33 | 000,000,088 | ---- | C] () -- C:\WINDOWS\DTK100_2.INI
[2011.02.12 18:53:30 | 000,052,881 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2010.12.25 03:00:22 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.18 23:41:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.08.12 19:58:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.09 19:50:01 | 000,540,672 | ---- | C] () -- C:\WINDOWS\_UnInst.exe
 
========== LOP Check ==========
 
[2011.05.28 19:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.01.30 15:56:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2010.05.21 12:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clp
[2010.05.29 19:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2009.12.28 19:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2010.04.09 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2010.04.09 23:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2011.06.28 21:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.02.12 18:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.12.22 22:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.01.22 21:20:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.01.30 15:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Canon
[2011.05.28 19:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Canon Easy-WebPrint EX
[2010.04.20 23:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Fighters
[2012.02.06 20:31:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\LaunchPad
[2011.06.28 20:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Nokia
[2011.10.09 01:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\NSeries
[2012.02.08 21:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\OpenOffice.org
[2009.12.26 14:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Opera
[2010.08.09 19:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Papyrus Autor
[2011.06.28 20:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\PC Suite
[2011.08.24 19:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Simfy
[2012.05.12 21:39:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\SoftMaker
[2011.01.22 21:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\PSE8_win.exe:SummaryInformation

< End of report >


cosinus 18.06.2012 13:17

Please post all Malwarebytes logs in full!

Please post everything here in CODE tags where possible.

Done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Miori 18.06.2012 18:38

Hello Arne,
thank you very much for your reply.

This was the first scan with Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XXXX :: XXXX [Administrator]

14.06.2012 23:44:25
mbam-log-2012-06-14 (23-44-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 308112
Laufzeit: 55 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

and this is the second scan:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.15.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XXXX :: XXXX [Administrator]

15.06.2012 14:51:56
mbam-log-2012-06-15 (14-51-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307905
Laufzeit: 56 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I hope I have posted it correctly here.

cosinus 18.06.2012 21:17

Please also run ESET, then we'll see what's next.

Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! Please switch off all background guards (anti-virus program, firewall, script blocking and the like) during the scans and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click) button.
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, I accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: if you are using a 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

Miori 18.06.2012 23:31

Hello Arne,
thanks again for continuing to help me.
I did everything as described.
Here are the logs:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=72f0d6d3a04da84eaba8619f5844ce1b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 10:16:06
# local_time=2012-06-19 12:16:06 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 92 9182 7787635 0 0
# compatibility_mode=8192 67108863 100 0 145 145 0 0
# scanned=83547
# found=4
# cleaned=0
# scan_time=4680
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads\Babylon8_setup.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads\FLVPlayer_Setup.exe        a variant of Win32/SweetIM.A application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Eigene Bilder\Downloads\Babylon8_setup.exe        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Eigene Bilder\Downloads\FLVPlayer_Setup.exe        a variant of Win32/SweetIM.A application (unable to clean)        00000000000000000000000000000000        I

4 findings were shown there.
What do I need to do next?

I wish you a good night and

kind regards
Miori
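Added example, not part of the thread and not ESET's own code: a small Python parser for the ESET Online Scanner log.txt format posted above. It reads the `# key=value` header, splits the detection rows into path, verdict, hash and flag, cross-checks the `found` counter against the rows, and separates findings ESET labels as a potentially unwanted "application" (the kind that needs manual review, per cosinus's false-positive caveat) from everything else. Assumptions: fields are separated by tabs in the real file (the forum rendering shows runs of spaces, so both are accepted), and the sample log below is constructed to mirror the posted one, with one extra row whose "cleaned" wording is invented.

```python
"""Parse and triage an ESET Online Scanner log.txt as posted in the thread.

Added example (not from the thread). Header lines look like "# key=value";
each detection row has four fields: path, verdict text, hash, flag.
Field separator is assumed to be a tab (or 2+ spaces when copied from a forum).
"""
from dataclasses import dataclass, field
import re

# Constructed sample mirroring the posted log; hashes and the third row are placeholders.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# scanned=83547
# found=3
# cleaned=0
# scan_time=4680
C:\\Dokumente und Einstellungen\\xxxx\\Eigene Dateien\\Downloads\\Babylon8_setup.exe\ta variant of Win32/Toolbar.Babylon application (unable to clean)\t00000000000000000000000000000000\tI
C:\\Dokumente und Einstellungen\\xxxx\\Eigene Dateien\\Downloads\\FLVPlayer_Setup.exe\ta variant of Win32/SweetIM.A application (unable to clean)\t00000000000000000000000000000000\tI
C:\\Dokumente und Einstellungen\\xxxx\\Lokale Einstellungen\\Temp\\dropper.tmp\tWin32/Example.Trojan trojan (cleaned by deleting)\t11111111111111111111111111111111\tC
"""

FIELD_SEP = re.compile(r"\t+| {2,}")  # tab in the real file, space runs when pasted
THREAT_NAME = re.compile(r"([A-Za-z0-9]+/[A-Za-z0-9._-]+)")  # e.g. Win32/Toolbar.Babylon


@dataclass
class Detection:
    path: str
    verdict: str
    file_hash: str
    flag: str

    @property
    def threat_name(self) -> str:
        """Signature name pulled out of the free-text verdict."""
        m = THREAT_NAME.search(self.verdict)
        return m.group(1) if m else self.verdict

    @property
    def is_unwanted_app(self) -> bool:
        """ESET phrases PUA verdicts with 'application'; malware reads 'trojan', 'virus', ..."""
        return " application" in self.verdict

    @property
    def unable_to_clean(self) -> bool:
        return "(unable to clean)" in self.verdict


@dataclass
class EsetReport:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_eset_log(text: str) -> EsetReport:
    """Build an EsetReport from the raw log text."""
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.strip("\r\n")
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            report.header[key.strip()] = value.strip()  # repeated keys: last one wins
            continue
        parts = FIELD_SEP.split(line)
        if len(parts) >= 4:  # anything shorter is downloader chatter ("all ok")
            report.detections.append(Detection(parts[0], parts[1], parts[2], parts[3]))
    return report


def consistency_check(report: EsetReport) -> list:
    """Flag a mismatch between the header counters and the rows, or a destructive run."""
    problems = []
    found = int(report.header.get("found", "0"))
    if found != len(report.detections):
        problems.append(f"header says found={found} but {len(report.detections)} rows parsed")
    if report.header.get("remove_checked") != "false":
        problems.append("remove_checked was not false: the scanner may have deleted files")
    return problems


def triage(report: EsetReport) -> dict:
    """Split findings into PUA rows (manual review) and everything else (treat as malware)."""
    return {
        "pua": [d for d in report.detections if d.is_unwanted_app],
        "malware": [d for d in report.detections if not d.is_unwanted_app],
    }


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    print("scanned:", rep.header.get("scanned"), "found:", rep.header.get("found"))
    for problem in consistency_check(rep):
        print("WARNING:", problem)
    for kind, items in triage(rep).items():
        for d in items:
            state = "uncleaned" if d.unable_to_clean else "cleaned"
            print(f"[{kind}] {d.threat_name}  {state}  {d.path}")
```

The same functions work on the pasted log from the post above because the separator pattern accepts the space runs the forum substituted for tabs.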

cosinus 19.06.2012 08:27

Please make a new OTL log. Please post everything here in CODE tags where possible.

Done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Miori 19.06.2012 19:46

Hello Arne,
here are the OTL files.
OTL Logfile:
Code:

OTL logfile created on: 19.06.2012 20:24:51 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 75,36% Memory free
3,81 Gb Paging File | 3,50 Gb Available in Paging File | 91,89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 100,41 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Tablet\Wacom\libxml2.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe (Wacom Technology, Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (AVFSFilter) -- system32\DRIVERS\avfsfilter.sys File not found
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (Hotkey) -- C:\WINDOWS\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-rog
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Programme\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Programme\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 19:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.20 00:08:58 | 000,000,000 | ---D | M]
 
[2010.02.04 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Extensions
[2012.04.30 20:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions
[2012.04.02 11:06:18 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com
[2012.05.18 20:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\b7wtnd0y.Standard-Benutzer\extensions
[2012.05.18 20:25:38 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\b7wtnd0y.Standard-Benutzer\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.03.13 15:49:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\b7wtnd0y.Standard-Benutzer\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.02.04 17:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions
[2010.02.04 16:23:44 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.02.04 17:12:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.30 20:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 19:18:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.20 21:01:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.18 19:18:07 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 19:18:07 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.18 19:18:07 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 19:18:07 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 19:18:07 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 19:18:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.18 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\WButton.exe File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261781556123 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261781517232 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0DDA801-E584-45EB-82C5-31AF39ECB647}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.22 21:41:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell - "" = AutoRun
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell - "" = AutoRun
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NSLauncher - hkey= - key= - C:\Programme\Nokia\Nokia Software Launcher\NSLauncher.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Search Protection - hkey= - key= - C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig - StartUpReg: Smash - hkey= - key= - C:\Programme\SoftMaker Office 2008\Smash.exe ()
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - C:\Programme\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C7E264F5-A3E8-B0CB-7A7A-F24AC861CEF1} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 22:55:42 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.18 22:50:41 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\XXXX\Desktop\esetsmartinstaller_enu.exe
[2012.06.18 19:16:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\XXXX\Recent
[2012.06.16 00:11:44 | 001,422,200 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Touch_Tablet.dll
[2012.06.16 00:11:36 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wacom Tablett
[2012.06.16 00:11:32 | 001,453,432 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomMT.dll
[2012.06.15 03:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\viren u ä
[2012.06.14 23:36:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Malwarebytes
[2012.06.14 23:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.14 23:36:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.14 23:36:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.14 23:36:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 20:10:48 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012.06.19 20:04:42 | 000,013,708 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.19 20:00:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.18 22:50:44 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\XXXX\Desktop\esetsmartinstaller_enu.exe
[2012.06.16 23:05:05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.06.14 23:41:35 | 000,054,651 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Hundefutter.tmd
[2012.06.14 23:36:35 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.13 19:52:50 | 000,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.12 19:59:31 | 000,320,696 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.12 19:59:31 | 000,315,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.12 19:59:31 | 000,049,484 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.12 19:59:31 | 000,041,150 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.10 15:30:27 | 000,052,881 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2012.06.09 23:38:34 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.31 19:18:47 | 000,000,032 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\.simfy
[2012.05.24 23:08:01 | 002,020,524 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\20052012387.jpg
[2012.05.24 23:07:47 | 002,142,095 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\20052012385.jpg
[2012.05.24 23:01:38 | 002,024,271 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\17052012377.jpg
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 23:41:35 | 000,054,651 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Hundefutter.tmd
[2012.06.14 23:36:35 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.31 19:18:47 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\.simfy
[2012.05.24 23:07:59 | 002,020,524 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\20052012387.jpg
[2012.05.24 23:07:44 | 002,142,095 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\20052012385.jpg
[2012.05.24 23:01:34 | 002,024,271 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\17052012377.jpg
[2012.05.17 01:26:07 | 000,022,032 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2012.05.16 23:33:31 | 000,232,382 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.05.16 23:33:27 | 000,175,184 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.05.16 23:14:51 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.02.16 13:27:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.09 18:46:33 | 000,000,088 | ---- | C] () -- C:\WINDOWS\DTK100_2.INI
[2011.02.12 18:53:30 | 000,052,881 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2010.12.25 03:00:22 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.18 23:41:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.08.12 19:58:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.09 19:50:01 | 000,540,672 | ---- | C] () -- C:\WINDOWS\_UnInst.exe
 
========== LOP Check ==========
 
[2011.05.28 19:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.01.30 15:56:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2010.05.21 12:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clp
[2010.05.29 19:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2009.12.28 19:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2010.04.09 23:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2010.04.09 23:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2011.06.28 21:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.02.12 18:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.12.22 22:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.01.22 21:20:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.01.30 15:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Canon
[2011.05.28 19:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Canon Easy-WebPrint EX
[2010.04.20 23:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Fighters
[2012.02.06 20:31:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\LaunchPad
[2011.06.28 20:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Nokia
[2011.10.09 01:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\NSeries
[2012.02.08 21:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\OpenOffice.org
[2009.12.26 14:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Opera
[2010.08.09 19:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Papyrus Autor
[2011.06.28 20:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\PC Suite
[2011.08.24 19:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Simfy
[2012.05.12 21:39:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\SoftMaker
[2011.01.22 21:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\TuneUp Software
[2010.05.20 13:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Common Toolkit Suite
[2011.09.03 23:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Nokia
[2012.05.12 21:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\OpenOffice.org
[2010.02.18 21:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Opera
[2011.09.03 23:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Papyrus Autor
[2011.09.03 23:55:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\PC Suite
[2012.05.12 22:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\SoftMaker
[2011.01.29 21:43:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.07.24 19:41:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.24 19:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Adobe
[2012.02.10 21:13:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Apple Computer
[2012.01.30 15:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Canon
[2011.05.28 19:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Canon Easy-WebPrint EX
[2010.04.20 23:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Fighters
[2011.01.23 01:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Google
[2009.12.22 21:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Identities
[2009.12.22 22:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\InstallShield
[2012.02.06 20:31:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\LaunchPad
[2009.12.26 13:16:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Macromedia
[2012.06.14 23:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Malwarebytes
[2010.07.21 10:36:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Microsoft
[2010.02.04 16:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla
[2010.04.21 15:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Nero
[2011.06.28 20:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Nokia
[2011.10.09 01:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\NSeries
[2012.02.08 21:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\OpenOffice.org
[2009.12.26 14:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Opera
[2010.08.09 19:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Papyrus Autor
[2011.06.28 20:52:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\PC Suite
[2011.08.24 19:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Simfy
[2012.05.12 21:39:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\SoftMaker
[2010.02.04 16:57:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Sun
[2011.01.22 21:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\TuneUp Software
[2011.08.30 20:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\WinRAR
[2012.06.16 00:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\WTablet
[2010.01.09 23:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.05.31 19:11:43 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.03.20 00:57:34 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
[2007.11.28 12:03:40 | 000,523,776 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\SoftMaker\smun3250.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 03:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.12.26 12:33:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.12.26 12:33:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 03:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.26 12:33:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.12.26 12:33:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 02:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 02:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 02:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 02:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 02:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 02:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.12.22 22:28:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.22 22:28:58 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.22 22:28:58 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\PSE8_win.exe:SummaryInformation

< End of report >

--- --- ---


Kind regards
Miori

cosinus 20.06.2012 10:24

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your user name, you must change the asterisked-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2
IE - HKU\S-1-5-21-602162358-179605362-725345543-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-rog
[2012.04.02 11:06:18 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com
[2010.02.04 17:12:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.22 21:41:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell - "" = AutoRun
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell - "" = AutoRun
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell - "" = AutoRun
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
:Files
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads\Babylon8_setup.exe
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Downloads\FLVPlayer_Setup.exe
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Eigene Bilder\Downloads\Babylon8_setup.exe
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Eigene Bilder\Downloads\FLVPlayer_Setup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not completely deleted, for safety; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script has been created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can permanently damage the system!

Miori 20.06.2012 19:53

Hello Arne,
thank you very much for your efforts.
I didn't know how I could switch off Microsoft Security Essentials,
so I switched off the real-time scan.
I hope that was enough.
I deactivated the firewall and reactivated everything after the fix.

Here are the logfiles.

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-602162358-179605362-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-602162358-179605362-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\skin\mac folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\locale\ru-RU folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\locale\de-DE folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\icons\default folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\icons folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\content\js folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\content\css folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\3qel334k.tarnfox\extensions\clickclean@hotcleaner.com folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\xe9a6lw2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-602162358-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf4195-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf4195-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf4195-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf4195-52ed-11df-b68a-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf4196-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf4196-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf4196-52ed-11df-b68a-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf4196-52ed-11df-b68a-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b902fdc-51ed-11df-b688-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b902fdc-51ed-11df-b688-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b902fdc-51ed-11df-b688-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b902fdc-51ed-11df-b688-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34d4211a-8e04-11e1-b9c5-00225fd4842f}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8de522d4-dfd3-11e0-b8d9-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b28b3bd0-5851-11df-b696-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b28b3bd0-5851-11df-b696-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b28b3bd0-5851-11df-b696-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b28b3bd0-5851-11df-b696-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316722-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316722-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316722-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316722-6bf2-11e0-b81d-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316724-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316724-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316724-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316724-6bf2-11e0-b81d-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316729-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316729-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be316729-6bf2-11e0-b81d-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be316729-6bf2-11e0-b81d-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c63d62ba-d653-11e0-b8c5-00225fd4842f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da5759be-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da5759be-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5759be-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da5759be-7014-11df-b6c3-001f1624ad63}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da5759bf-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da5759bf-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da5759bf-7014-11df-b6c3-001f1624ad63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da5759bf-7014-11df-b6c3-001f1624ad63}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LGAutoRun.exe not found.
========== FILES ==========
C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Downloads\Babylon8_setup.exe moved successfully.
C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Downloads\FLVPlayer_Setup.exe moved successfully.
C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Eigene Bilder\Downloads\Babylon8_setup.exe moved successfully.
C:\Dokumente und Einstellungen\XXXX\Eigene Dateien\Eigene Bilder\Downloads\FLVPlayer_Setup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: XXXX
->Temp folder emptied: 12092322 bytes
->Temporary Internet Files folder emptied: 66358 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 124369178 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57974 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Gast
->Temp folder emptied: 1174667 bytes
->Temporary Internet Files folder emptied: 145559 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10679510 bytes
->Opera cache emptied: 254187 bytes
->Flash cache emptied: 596 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 35672 bytes
 
User: NetworkService
->Temp folder emptied: 3111006 bytes
->Temporary Internet Files folder emptied: 49554 bytes
 
%systemdrive% .tmp files removed: 280116676 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 3614087 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5248835 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 423,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: XXXX
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06202012_203559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Have a nice evening and
kind regards,
Miori

cosinus 21.06.2012 10:26

Quote:

I didn't know that, I switched off the real-time scan.
Yes, that is exactly what is meant by "disable the virus scanner" or switching it off :)

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the image below - click on change parameters and set the check marks as shown in the following screenshot,
Then click on Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Miori 21.06.2012 18:58

Hello Arne

I accidentally installed the Babylon Toolbar :headbang: and uninstalled it again from the Software list.
After that I installed and ran the TDSS-Killer. There were three findings, which I left alone, as I didn't know whether they should go into quarantine. I wasn't supposed to delete anything, after all.
Then I looked for the logs and found them.
Here they are:

Code:

19:32:05.0437 3476        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:32:05.0875 3476        ============================================================
19:32:05.0875 3476        Current date / time: 2012/06/21 19:32:05.0875
19:32:05.0875 3476        SystemInfo:
19:32:05.0875 3476       
19:32:05.0875 3476        OS Version: 5.1.2600 ServicePack: 3.0
19:32:05.0875 3476        Product type: Workstation
19:32:05.0875 3476        ComputerName: BELL
19:32:05.0875 3476        UserName: Annelie
19:32:05.0875 3476        Windows directory: C:\WINDOWS
19:32:05.0875 3476        System windows directory: C:\WINDOWS
19:32:05.0875 3476        Processor architecture: Intel x86
19:32:05.0875 3476        Number of processors: 2
19:32:05.0875 3476        Page size: 0x1000
19:32:05.0875 3476        Boot type: Normal boot
19:32:05.0875 3476        ============================================================
19:32:07.0734 3476        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:32:07.0734 3476        ============================================================
19:32:07.0734 3476        \Device\Harddisk0\DR0:
19:32:07.0734 3476        MBR partitions:
19:32:07.0734 3476        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
19:32:07.0734 3476        ============================================================
19:32:07.0750 3476        C: <-> \Device\Harddisk0\DR0\Partition0
19:32:07.0750 3476        ============================================================
19:32:07.0750 3476        Initialize success
19:32:07.0750 3476        ============================================================
19:32:23.0015 3712        ============================================================
19:32:23.0015 3712        Scan started
19:32:23.0015 3712        Mode: Manual; SigCheck; TDLFS;
19:32:23.0015 3712        ============================================================
19:32:23.0296 3712        Abiosdsk - ok
19:32:23.0296 3712        abp480n5 - ok
19:32:23.0359 3712        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:32:23.0687 3712        ACPI - ok
19:32:23.0703 3712        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:32:23.0828 3712        ACPIEC - ok
19:32:23.0953 3712        AdobeActiveFileMonitor5.0 (63ab43534cbf5d7f3eb81dfdc8161490) C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
19:32:23.0968 3712        AdobeActiveFileMonitor5.0 - ok
19:32:24.0031 3712        AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
19:32:24.0046 3712        AdobeActiveFileMonitor8.0 - ok
19:32:24.0046 3712        adpu160m - ok
19:32:24.0078 3712        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:32:24.0171 3712        aec - ok
19:32:24.0234 3712        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:32:24.0328 3712        AFD - ok
19:32:24.0328 3712        Aha154x - ok
19:32:24.0328 3712        aic78u2 - ok
19:32:24.0343 3712        aic78xx - ok
19:32:24.0375 3712        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
19:32:24.0500 3712        Alerter - ok
19:32:24.0531 3712        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
19:32:24.0671 3712        ALG - ok
19:32:24.0671 3712        AliIde - ok
19:32:24.0671 3712        amsint - ok
19:32:24.0718 3712        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
19:32:24.0843 3712        AppMgmt - ok
19:32:24.0953 3712        AR5416          (1ba565f1e58e271c6ad6b21a4f181ca4) C:\WINDOWS\system32\DRIVERS\athw.sys
19:32:25.0031 3712        AR5416 - ok
19:32:25.0109 3712        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:32:25.0218 3712        Arp1394 - ok
19:32:25.0218 3712        asc - ok
19:32:25.0234 3712        asc3350p - ok
19:32:25.0234 3712        asc3550 - ok
19:32:25.0265 3712        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:32:25.0359 3712        AsyncMac - ok
19:32:25.0406 3712        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:32:25.0500 3712        atapi - ok
19:32:25.0515 3712        Atdisk - ok
19:32:25.0531 3712        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:32:25.0656 3712        Atmarpc - ok
19:32:25.0687 3712        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
19:32:25.0812 3712        AudioSrv - ok
19:32:25.0843 3712        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:32:25.0937 3712        audstub - ok
19:32:25.0937 3712        AVFSFilter - ok
19:32:26.0000 3712        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:32:26.0109 3712        Beep - ok
19:32:26.0171 3712        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
19:32:26.0328 3712        BITS - ok
19:32:26.0359 3712        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
19:32:26.0484 3712        Browser - ok
19:32:26.0515 3712        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:32:26.0609 3712        cbidf2k - ok
19:32:26.0625 3712        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:32:26.0734 3712        CCDECODE - ok
19:32:26.0734 3712        cd20xrnt - ok
19:32:26.0765 3712        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:32:26.0875 3712        Cdaudio - ok
19:32:26.0921 3712        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:32:27.0015 3712        Cdfs - ok
19:32:27.0031 3712        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:32:27.0140 3712        Cdrom - ok
19:32:27.0140 3712        Changer - ok
19:32:27.0171 3712        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
19:32:27.0296 3712        CiSvc - ok
19:32:27.0312 3712        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
19:32:27.0406 3712        ClipSrv - ok
19:32:27.0437 3712        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:32:27.0546 3712        CmBatt - ok
19:32:27.0546 3712        CmdIde - ok
19:32:27.0562 3712        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:32:27.0656 3712        Compbatt - ok
19:32:27.0656 3712        COMSysApp - ok
19:32:27.0671 3712        Cpqarray - ok
19:32:27.0718 3712        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
19:32:27.0843 3712        CryptSvc - ok
19:32:27.0843 3712        dac2w2k - ok
19:32:27.0843 3712        dac960nt - ok
19:32:27.0906 3712        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:32:27.0968 3712        DcomLaunch - ok
19:32:28.0046 3712        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
19:32:28.0171 3712        Dhcp - ok
19:32:28.0187 3712        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:32:28.0312 3712        Disk - ok
19:32:28.0312 3712        dmadmin - ok
19:32:28.0359 3712        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:32:28.0500 3712        dmboot - ok
19:32:28.0531 3712        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:32:28.0640 3712        dmio - ok
19:32:28.0656 3712        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:32:28.0750 3712        dmload - ok
19:32:28.0796 3712        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
19:32:28.0890 3712        dmserver - ok
19:32:28.0906 3712        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:32:29.0031 3712        DMusic - ok
19:32:29.0078 3712        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
19:32:29.0171 3712        Dnscache - ok
19:32:29.0218 3712        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
19:32:29.0328 3712        Dot3svc - ok
19:32:29.0328 3712        dpti2o - ok
19:32:29.0359 3712        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:32:29.0453 3712        drmkaud - ok
19:32:29.0500 3712        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
19:32:29.0609 3712        EapHost - ok
19:32:29.0640 3712        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
19:32:29.0750 3712        ERSvc - ok
19:32:29.0796 3712        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:32:29.0828 3712        Eventlog - ok
19:32:29.0875 3712        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
19:32:29.0906 3712        EventSystem - ok
19:32:29.0937 3712        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:32:30.0062 3712        Fastfat - ok
19:32:30.0093 3712        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:32:30.0140 3712        FastUserSwitchingCompatibility - ok
19:32:30.0156 3712        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:32:30.0250 3712        Fdc - ok
19:32:30.0281 3712        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:32:30.0390 3712        Fips - ok
19:32:30.0546 3712        FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:32:30.0578 3712        FLEXnet Licensing Service - ok
19:32:30.0593 3712        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:32:30.0703 3712        Flpydisk - ok
19:32:30.0750 3712        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:32:30.0875 3712        FltMgr - ok
19:32:30.0890 3712        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:32:31.0000 3712        Fs_Rec - ok
19:32:31.0015 3712        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:32:31.0125 3712        Ftdisk - ok
19:32:31.0171 3712        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:32:31.0281 3712        Gpc - ok
19:32:31.0312 3712        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:32:31.0421 3712        HDAudBus - ok
19:32:31.0484 3712        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:32:31.0578 3712        helpsvc - ok
19:32:31.0578 3712        HidServ - ok
19:32:31.0609 3712        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:32:31.0703 3712        HidUsb - ok
19:32:31.0750 3712        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
19:32:31.0843 3712        hkmsvc - ok
19:32:31.0890 3712        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
19:32:31.0906 3712        Hotkey ( UnsignedFile.Multi.Generic ) - warning
19:32:31.0906 3712        Hotkey - detected UnsignedFile.Multi.Generic (1)
19:32:31.0906 3712        hpn - ok
19:32:31.0953 3712        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:32:32.0015 3712        HTTP - ok
19:32:32.0031 3712        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
19:32:32.0171 3712        HTTPFilter - ok
19:32:32.0218 3712        hwdatacard      (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
19:32:32.0296 3712        hwdatacard - ok
19:32:32.0343 3712        hwusbfake      (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
19:32:32.0406 3712        hwusbfake - ok
19:32:32.0406 3712        i2omgmt - ok
19:32:32.0421 3712        i2omp - ok
19:32:32.0453 3712        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:32:32.0562 3712        i8042prt - ok
19:32:32.0890 3712        ialm            (c56fc0970b453e68eba1c78ae36185a8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:32:33.0312 3712        ialm - ok
19:32:33.0437 3712        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:32:33.0546 3712        Imapi - ok
19:32:33.0593 3712        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
19:32:33.0718 3712        ImapiService - ok
19:32:33.0718 3712        ini910u - ok
19:32:34.0000 3712        IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:32:34.0203 3712        IntcAzAudAddService - ok
19:32:34.0312 3712        IntelIde - ok
19:32:34.0359 3712        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:32:34.0468 3712        intelppm - ok
19:32:34.0500 3712        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:32:34.0593 3712        Ip6Fw - ok
19:32:34.0625 3712        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:32:34.0734 3712        IpFilterDriver - ok
19:32:34.0765 3712        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:32:34.0875 3712        IpInIp - ok
19:32:34.0906 3712        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:32:35.0000 3712        IpNat - ok
19:32:35.0015 3712        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:32:35.0125 3712        IPSec - ok
19:32:35.0140 3712        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:32:35.0250 3712        IRENUM - ok
19:32:35.0265 3712        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:32:35.0359 3712        isapnp - ok
19:32:35.0515 3712        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
19:32:35.0531 3712        JavaQuickStarterService - ok
19:32:35.0593 3712        JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\WINDOWS\system32\DRIVERS\jmcr.sys
19:32:35.0640 3712        JMCR - ok
19:32:35.0671 3712        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:32:35.0781 3712        Kbdclass - ok
19:32:35.0812 3712        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:32:35.0921 3712        kmixer - ok
19:32:35.0968 3712        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:32:36.0046 3712        KSecDD - ok
19:32:36.0109 3712        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
19:32:36.0171 3712        lanmanserver - ok
19:32:36.0218 3712        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
19:32:36.0281 3712        lanmanworkstation - ok
19:32:36.0281 3712        lbrtfdc - ok
19:32:36.0328 3712        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
19:32:36.0437 3712        LmHosts - ok
19:32:36.0453 3712        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
19:32:36.0546 3712        Messenger - ok
19:32:36.0578 3712        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:32:36.0703 3712        mnmdd - ok
19:32:36.0750 3712        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
19:32:36.0843 3712        mnmsrvc - ok
19:32:36.0859 3712        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:32:36.0968 3712        Modem - ok
19:32:37.0015 3712        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:32:37.0125 3712        Mouclass - ok
19:32:37.0140 3712        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:32:37.0265 3712        mouhid - ok
19:32:37.0281 3712        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:32:37.0406 3712        MountMgr - ok
19:32:37.0437 3712        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:32:37.0453 3712        MozillaMaintenance - ok
19:32:37.0484 3712        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:32:37.0515 3712        MpFilter - ok
19:32:37.0515 3712        mraid35x - ok
19:32:37.0562 3712        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:32:37.0671 3712        MRxDAV - ok
19:32:37.0750 3712        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:32:37.0828 3712        MRxSmb - ok
19:32:37.0875 3712        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
19:32:37.0984 3712        MSDTC - ok
19:32:38.0015 3712        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:32:38.0125 3712        Msfs - ok
19:32:38.0125 3712        MSIServer - ok
19:32:38.0156 3712        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:32:38.0265 3712        MSKSSRV - ok
19:32:38.0359 3712        MsMpSvc        (24516bf4e12a46cb67302e2cdcb8cddf) c:\Programme\Microsoft Security Client\MsMpEng.exe
19:32:38.0375 3712        MsMpSvc - ok
19:32:38.0390 3712        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:32:38.0484 3712        MSPCLOCK - ok
19:32:38.0500 3712        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:32:38.0609 3712        MSPQM - ok
19:32:38.0640 3712        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:32:38.0734 3712        mssmbios - ok
19:32:38.0750 3712        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:32:38.0859 3712        MSTEE - ok
19:32:38.0921 3712        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:32:38.0968 3712        Mup - ok
19:32:39.0015 3712        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:32:39.0125 3712        NABTSFEC - ok
19:32:39.0171 3712        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
19:32:39.0281 3712        napagent - ok
19:32:39.0312 3712        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:32:39.0437 3712        NDIS - ok
19:32:39.0453 3712        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:32:39.0562 3712        NdisIP - ok
19:32:39.0609 3712        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:32:39.0671 3712        NdisTapi - ok
19:32:39.0703 3712        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:32:39.0812 3712        Ndisuio - ok
19:32:39.0828 3712        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:32:39.0921 3712        NdisWan - ok
19:32:39.0968 3712        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:32:40.0000 3712        NDProxy - ok
19:32:40.0140 3712        Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
19:32:40.0171 3712        Nero BackItUp Scheduler 4.0 - ok
19:32:40.0218 3712        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:32:40.0328 3712        NetBIOS - ok
19:32:40.0375 3712        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:32:40.0500 3712        NetBT - ok
19:32:40.0531 3712        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:32:40.0640 3712        NetDDE - ok
19:32:40.0640 3712        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:32:40.0734 3712        NetDDEdsdm - ok
19:32:40.0796 3712        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:32:40.0921 3712        Netlogon - ok
19:32:40.0953 3712        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
19:32:41.0062 3712        Netman - ok
19:32:41.0078 3712        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:32:41.0171 3712        NIC1394 - ok
19:32:41.0218 3712        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
19:32:41.0250 3712        Nla - ok
19:32:41.0296 3712        nmwcd          (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
19:32:41.0421 3712        nmwcd - ok
19:32:41.0453 3712        nmwcdc          (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
19:32:41.0500 3712        nmwcdc - ok
19:32:41.0515 3712        nmwcdcj        (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
19:32:41.0546 3712        nmwcdcj - ok
19:32:41.0578 3712        nmwcdcm        (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
19:32:41.0593 3712        nmwcdcm - ok
19:32:41.0625 3712        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:32:41.0718 3712        Npfs - ok
19:32:41.0750 3712        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:32:41.0875 3712        Ntfs - ok
19:32:41.0875 3712        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:32:41.0968 3712        NtLmSsp - ok
19:32:42.0046 3712        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
19:32:42.0156 3712        NtmsSvc - ok
19:32:42.0187 3712        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:32:42.0281 3712        Null - ok
19:32:42.0328 3712        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:32:42.0421 3712        NwlnkFlt - ok
19:32:42.0421 3712        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:32:42.0531 3712        NwlnkFwd - ok
19:32:42.0562 3712        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:32:42.0656 3712        ohci1394 - ok
19:32:42.0703 3712        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
19:32:42.0812 3712        Parport - ok
19:32:42.0828 3712        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:32:42.0921 3712        PartMgr - ok
19:32:42.0937 3712        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:32:43.0046 3712        ParVdm - ok
19:32:43.0062 3712        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:32:43.0156 3712        PCI - ok
19:32:43.0156 3712        PCIDump - ok
19:32:43.0171 3712        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:32:43.0265 3712        PCIIde - ok
19:32:43.0296 3712        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:32:43.0390 3712        Pcmcia - ok
19:32:43.0406 3712        PDCOMP - ok
19:32:43.0406 3712        PDFRAME - ok
19:32:43.0406 3712        PDRELI - ok
19:32:43.0421 3712        PDRFRAME - ok
19:32:43.0421 3712        perc2 - ok
19:32:43.0421 3712        perc2hib - ok
19:32:43.0468 3712        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:32:43.0484 3712        PlugPlay - ok
19:32:43.0484 3712        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:32:43.0578 3712        PolicyAgent - ok
19:32:43.0625 3712        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:32:43.0734 3712        PptpMiniport - ok
19:32:43.0750 3712        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:32:43.0828 3712        ProtectedStorage - ok
19:32:43.0843 3712        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:32:43.0937 3712        PSched - ok
19:32:43.0953 3712        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:32:44.0062 3712        Ptilink - ok
19:32:44.0109 3712        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:32:44.0140 3712        PxHelp20 - ok
19:32:44.0140 3712        ql1080 - ok
19:32:44.0140 3712        Ql10wnt - ok
19:32:44.0156 3712        ql12160 - ok
19:32:44.0156 3712        ql1240 - ok
19:32:44.0156 3712        ql1280 - ok
19:32:44.0171 3712        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:32:44.0296 3712        RasAcd - ok
19:32:44.0343 3712        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
19:32:44.0453 3712        RasAuto - ok
19:32:44.0484 3712        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:32:44.0593 3712        Rasl2tp - ok
19:32:44.0640 3712        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
19:32:44.0765 3712        RasMan - ok
19:32:44.0765 3712        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:32:44.0859 3712        RasPppoe - ok
19:32:44.0890 3712        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:32:44.0984 3712        Raspti - ok
19:32:45.0000 3712        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:32:45.0109 3712        Rdbss - ok
19:32:45.0125 3712        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:32:45.0218 3712        RDPCDD - ok
19:32:45.0234 3712        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:32:45.0328 3712        rdpdr - ok
19:32:45.0375 3712        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:32:45.0390 3712        RDPWD - ok
19:32:45.0453 3712        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
19:32:45.0578 3712        RDSessMgr - ok
19:32:45.0593 3712        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:32:45.0687 3712        redbook - ok
19:32:45.0718 3712        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
19:32:45.0828 3712        RemoteAccess - ok
19:32:45.0875 3712        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
19:32:45.0968 3712        RemoteRegistry - ok
19:32:45.0984 3712        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
19:32:46.0078 3712        RpcLocator - ok
19:32:46.0125 3712        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
19:32:46.0156 3712        RpcSs - ok
19:32:46.0203 3712        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
19:32:46.0328 3712        RSVP - ok
19:32:46.0375 3712        RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:32:46.0421 3712        RTLE8023xp - ok
19:32:46.0453 3712        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
19:32:46.0562 3712        SamSs - ok
19:32:46.0562 3712        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
19:32:46.0671 3712        SCardSvr - ok
19:32:46.0718 3712        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
19:32:46.0828 3712        Schedule - ok
19:32:46.0843 3712        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:32:46.0953 3712        sdbus - ok
19:32:46.0968 3712        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:32:47.0062 3712        Secdrv - ok
19:32:47.0078 3712        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
19:32:47.0187 3712        seclogon - ok
19:32:47.0250 3712        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
19:32:47.0359 3712        SENS - ok
19:32:47.0406 3712        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
19:32:47.0515 3712        Serial - ok
19:32:47.0640 3712        ServiceLayer    (65114d59850ca4d7785c22f922cc6942) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
19:32:47.0671 3712        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:32:47.0671 3712        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:32:47.0703 3712        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:32:47.0812 3712        Sfloppy - ok
19:32:47.0875 3712        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
19:32:47.0984 3712        SharedAccess - ok
19:32:48.0015 3712        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:32:48.0031 3712        ShellHWDetection - ok
19:32:48.0031 3712        Simbad - ok
19:32:48.0062 3712        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:32:48.0171 3712        SLIP - ok
19:32:48.0171 3712        Sparrow - ok
19:32:48.0218 3712        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:32:48.0328 3712        splitter - ok
19:32:48.0375 3712        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:32:48.0421 3712        Spooler - ok
19:32:48.0453 3712        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:32:48.0531 3712        sr - ok
19:32:48.0578 3712        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
19:32:48.0687 3712        srservice - ok
19:32:48.0718 3712        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:32:48.0781 3712        Srv - ok
19:32:48.0796 3712        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
19:32:48.0890 3712        SSDPSRV - ok
19:32:48.0921 3712        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
19:32:49.0031 3712        stisvc - ok
19:32:49.0062 3712        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:32:49.0171 3712        streamip - ok
19:32:49.0187 3712        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:32:49.0312 3712        swenum - ok
19:32:49.0328 3712        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:32:49.0437 3712        swmidi - ok
19:32:49.0437 3712        SwPrv - ok
19:32:49.0453 3712        symc810 - ok
19:32:49.0453 3712        symc8xx - ok
19:32:49.0468 3712        sym_hi - ok
19:32:49.0468 3712        sym_u3 - ok
19:32:49.0531 3712        SynTP          (86692a9116559222bd2d62633ddc352d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:32:49.0578 3712        SynTP - ok
19:32:49.0625 3712        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:32:49.0718 3712        sysaudio - ok
19:32:49.0765 3712        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
19:32:49.0875 3712        SysmonLog - ok
19:32:50.0312 3712        TabletServiceWacom (77e974834b9c246de54de4f430315b09) C:\Programme\Tablet\Wacom\Wacom_Tablet.exe
19:32:50.0703 3712        TabletServiceWacom - ok
19:32:50.0890 3712        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
19:32:51.0000 3712        TapiSrv - ok
19:32:51.0062 3712        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:32:51.0093 3712        Tcpip - ok
19:32:51.0156 3712        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:32:51.0250 3712        TDPIPE - ok
19:32:51.0281 3712        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:32:51.0359 3712        TDTCP - ok
19:32:51.0421 3712        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:32:51.0500 3712        TermDD - ok
19:32:51.0546 3712        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
19:32:51.0656 3712        TermService - ok
19:32:51.0703 3712        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
19:32:51.0718 3712        Themes - ok
19:32:51.0750 3712        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
19:32:51.0843 3712        TlntSvr - ok
19:32:51.0843 3712        TosIde - ok
19:32:52.0000 3712        TouchServiceWacom (7496f4c86cac98ca7a24586570e214aa) C:\Programme\Tablet\Wacom\Wacom_TouchService.exe
19:32:52.0031 3712        TouchServiceWacom - ok
19:32:52.0078 3712        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
19:32:52.0171 3712        TrkWks - ok
19:32:52.0218 3712        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:32:52.0312 3712        Udfs - ok
19:32:52.0328 3712        ultra - ok
19:32:52.0359 3712        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:32:52.0484 3712        Update - ok
19:32:52.0515 3712        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
19:32:52.0625 3712        upnphost - ok
19:32:52.0625 3712        upperdev - ok
19:32:52.0656 3712        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
19:32:52.0734 3712        UPS - ok
19:32:52.0781 3712        usbbus          (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
19:32:52.0843 3712        usbbus - ok
19:32:52.0875 3712        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:32:52.0984 3712        usbccgp - ok
19:32:53.0015 3712        UsbDiag        (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
19:32:53.0046 3712        UsbDiag - ok
19:32:53.0062 3712        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:32:53.0171 3712        usbehci - ok
19:32:53.0203 3712        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:32:53.0312 3712        usbhub - ok
19:32:53.0312 3712        USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
19:32:53.0328 3712        USBModem - ok
19:32:53.0359 3712        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:32:53.0468 3712        USBSTOR - ok
19:32:53.0484 3712        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:32:53.0578 3712        usbuhci - ok
19:32:53.0625 3712        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:32:53.0734 3712        usbvideo - ok
19:32:53.0765 3712        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:32:53.0843 3712        VgaSave - ok
19:32:53.0859 3712        ViaIde - ok
19:32:53.0906 3712        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:32:54.0000 3712        VolSnap - ok
19:32:54.0062 3712        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
19:32:54.0171 3712        VSS - ok
19:32:54.0203 3712        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
19:32:54.0296 3712        W32Time - ok
19:32:54.0328 3712        wacmoumonitor  (c3b03ed7b06657a3355f620bc02acfb6) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
19:32:54.0406 3712        wacmoumonitor - ok
19:32:54.0453 3712        wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
19:32:54.0468 3712        wacommousefilter - ok
19:32:54.0546 3712        wacomvhid      (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
19:32:54.0546 3712        wacomvhid - ok
19:32:54.0593 3712        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:32:54.0687 3712        Wanarp - ok
19:32:54.0734 3712        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:32:54.0750 3712        Wdf01000 - ok
19:32:54.0765 3712        WDICA - ok
19:32:54.0781 3712        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:32:54.0890 3712        wdmaud - ok
19:32:54.0937 3712        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
19:32:55.0031 3712        WebClient - ok
19:32:55.0109 3712        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:32:55.0218 3712        winmgmt - ok
19:32:55.0312 3712        WisLMSvc        (b0e6faa0f0ead4772c545a3737efb47f) C:\Programme\Launch Manager\WisLMSvc.exe
19:32:55.0343 3712        WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
19:32:55.0343 3712        WisLMSvc - detected UnsignedFile.Multi.Generic (1)
19:32:55.0375 3712        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:32:55.0421 3712        WmdmPmSN - ok
19:32:55.0515 3712        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
19:32:55.0546 3712        Wmi - ok
19:32:55.0593 3712        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:32:55.0687 3712        WmiAcpi - ok
19:32:55.0734 3712        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:32:55.0843 3712        WmiApSrv - ok
19:32:55.0968 3712        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
19:32:56.0015 3712        WMPNetworkSvc - ok
19:32:56.0093 3712        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:32:56.0125 3712        WpdUsb - ok
19:32:56.0156 3712        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:32:56.0265 3712        WS2IFSL - ok
19:32:56.0312 3712        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
19:32:56.0421 3712        wscsvc - ok
19:32:56.0453 3712        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:32:56.0531 3712        WSTCODEC - ok
19:32:56.0562 3712        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
19:32:56.0656 3712        wuauserv - ok
19:32:56.0718 3712        WudfPf          (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:32:56.0781 3712        WudfPf - ok
19:32:56.0812 3712        WudfRd          (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:32:56.0843 3712        WudfRd - ok
19:32:56.0859 3712        WudfSvc        (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
19:32:56.0890 3712        WudfSvc - ok
19:32:56.0953 3712        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
19:32:57.0078 3712        WZCSVC - ok
19:32:57.0109 3712        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
19:32:57.0218 3712        xmlprov - ok
19:32:57.0375 3712        YahooAUService  (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:32:57.0406 3712        YahooAUService - ok
19:32:57.0421 3712        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:32:57.0937 3712        \Device\Harddisk0\DR0 - ok
19:32:57.0953 3712        Boot (0x1200)  (ae4f670b4050b85786c04c6e56ec1cb6) \Device\Harddisk0\DR0\Partition0
19:32:57.0953 3712        \Device\Harddisk0\DR0\Partition0 - ok
19:32:57.0953 3712        ============================================================
19:32:57.0953 3712        Scan finished
19:32:57.0953 3712        ============================================================
19:32:58.0062 2544        Detected object count: 3
19:32:58.0062 2544        Actual detected object count: 3
19:34:35.0734 2544        Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
19:34:35.0734 2544        Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:34:35.0734 2544        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:34:35.0734 2544        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:34:35.0734 2544        WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:34:35.0734 2544        WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


Thanks again and
kind regards from me,
Miori

cosinus 21.06.2012 19:46

Which setup did you install that along with? :confused:

Miori 21.06.2012 20:00

ADLSoft_UnComressor_v2.3
I probably clicked on the advert and thought that was the Killer.:headbang:

cosinus 21.06.2012 20:06

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a board helper (Kompetenzler) has expressly recommended it!

It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running Combofix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Miori 21.06.2012 20:32

Did it that way,
here is the copied text:


Combofix Logfile:
Code:

ComboFix 12-06-21.02 - XXXX 21.06.2012  21:20:07.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2009.1397 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\XXXX\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\Opera_1010_in_Setup.exe
c:\programme\SoftMaker Office 2008\Smash.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-21 19:15 . 2012-06-21 19:15        56200        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{317B1686-B329-463A-B78E-6C99049D3A6A}\offreg.dll
2012-06-21 17:35 . 2012-05-31 03:41        6762896        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{317B1686-B329-463A-B78E-6C99049D3A6A}\mpengine.dll
2012-06-21 17:19 . 2012-06-21 17:19        250        ----a-w-        C:\user.js
2012-06-21 17:19 . 2012-06-21 17:19        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Babylon
2012-06-21 17:19 . 2012-06-21 17:19        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Babylon
2012-06-21 17:07 . 2012-06-21 17:07        --------        d-----w-        c:\windows\LastGood
2012-06-20 18:48 . 2012-05-31 03:41        6762896        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-20 18:35 . 2012-06-20 18:35        --------        d-----w-        C:\_OTL
2012-06-18 20:55 . 2012-06-18 20:55        --------        d-----w-        c:\programme\ESET
2012-06-18 17:18 . 2012-06-18 17:18        421200        ----a-w-        c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-18 17:18 . 2012-06-18 17:18        770384        ----a-w-        c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-15 22:11 . 2012-01-23 06:38        1422200        ----a-w-        c:\windows\system32\Wacom_Touch_Tablet.dll
2012-06-15 22:11 . 2012-01-23 06:38        1453432        ----a-w-        c:\windows\system32\WacomMT.dll
2012-06-14 21:36 . 2012-06-14 21:36        --------        d-----w-        c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Malwarebytes
2012-06-14 21:36 . 2012-06-14 21:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-14 21:36 . 2012-06-14 21:36        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-06-14 21:36 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-12 18:04 . 2012-05-11 14:40        521728        -c----w-        c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 13:02 . 2012-03-30 17:31        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-16 13:02 . 2011-05-15 18:24        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2009-12-25 22:53        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-12-25 22:53        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-12-22 19:39        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-12-22 19:39        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-12-22 19:39        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-12-25 22:53        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-12-22 19:39        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2004-08-04 00:57        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-12-25 22:53        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-12-22 19:39        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-12-22 19:39        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-12-26 09:26        275696        ----a-w-        c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-12-26 09:26        18160        ----a-w-        c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-08-06 18:23        214256        ----a-w-        c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 00:57        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-16 23:26 . 2012-05-16 23:26        22032        ----a-w-        c:\windows\DCEBoot.exe
2012-05-16 15:07 . 2004-08-04 00:57        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2004-08-04 00:46        1863296        ----a-w-        c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2004-08-04 00:58        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-05-11 14:40 . 2004-08-04 00:57        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 00:42        385024        ----a-w-        c:\windows\system32\html.iec
2012-05-05 03:14 . 2004-08-04 00:50        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2004-08-04 00:50        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2009-12-22 19:36        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2010-02-04 14:58 . 2010-02-04 14:51        35677512        ----a-w-        c:\programme\JonDoSetup.paf.exe
2010-02-04 14:12 . 2010-02-04 14:10        8159312        ----a-w-        c:\programme\Firefox_Setup_3.6.exe
2009-12-26 22:20 . 2009-12-26 22:20        9079792        ----a-w-        c:\programme\mssefullinstall-x86fre-de-de-xp.exe
2009-12-26 12:23 . 2009-12-26 12:23        1924200        ----a-w-        c:\programme\install_flash_player.exe
2009-12-26 11:44 . 2009-12-26 11:44        2596000        ----a-w-        c:\programme\GoogleToolbarInstaller_en32_signed64.exe
2009-12-26 10:56 . 2009-12-26 10:56        415968        ----a-w-        c:\programme\msgr10de.exe
2009-12-25 21:05 . 2009-12-25 21:05        769120        ----a-w-        c:\programme\avira_antivir_premium.exe
2012-06-18 17:18 . 2011-05-01 17:28        85472        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 06:29        67752        ----a-w-        c:\programme\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43        69632        ----a-w-        c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-01 17:30        2508104        ----a-w-        c:\programme\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-03 16:43        767312        ----a-w-        c:\programme\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2007-06-26 19:27        312320        ----a-w-        c:\programme\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-09-28 15:56        140640        ----a-w-        c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-11-06 08:16        3096576        ----a-w-        c:\programme\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-03-26 14:14        16859136        ----a-w-        c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15        111856        ----a-w-        c:\programme\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 14:14        86016        ----a-w-        c:\windows\SoundMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15        111856        ----a-w-        c:\programme\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 06:45 169312]
R2 TabletServiceWacom;TabletServiceWacom;c:\programme\Tablet\Wacom\Wacom_Tablet.exe [27.05.2011 22:05 6321016]
R2 TouchServiceWacom;Wacom Professional Touch Service;c:\programme\Tablet\Wacom\Wacom_TouchService.exe [16.06.2012 00:11 470904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11.04.2008 17:55 84240]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [06.02.2011 16:42 10752]
R3 WisLMSvc;WisLMSvc;c:\programme\Launch Manager\WisLMSvc.exe [22.12.2009 22:26 118784]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [21.04.2011 11:10 102656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [30.04.2012 20:16 113120]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 43732686
*Deregistered* - 43732686
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programme\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_6_&babsrc=HP_ss&mntrId=48b46d7000000000000000225fd4842f
mStart Page = hxxp://de.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\XXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\b7wtnd0y.Standard-Benutzer\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113480&tt=060612_6_&babsrc=KW_ss&mntrId=48b46d7000000000000000225fd4842f&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\programme\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\programme\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\programme\Launch Manager\WButton.exe
MSConfigStartUp-Smash - c:\programme\SoftMaker Office 2008\Smash.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-21 21:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CtrlVol = c:\programme\Launch Manager\CtrlVol.exe
  LaunchAp = c:\programme\Launch Manager\LaunchAp.exe
  Wbutton = c:\programme\Launch Manager\WButton.exe
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21  21:25:03
ComboFix-quarantined-files.txt  2012-06-21 19:25
.
Vor Suchlauf: 6 Verzeichnis(se), 107.801.923.584 Bytes frei
Nach Suchlauf: 7 Verzeichnis(se), 107.842.727.936 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0A762CA5634AB989D19562E1490E9DC0

--- --- ---

Kind regards
Miori


Copyright ©2000-2024, Trojaner-Board
