Trojaner-Board
Seite 3 von 4 12 3 4
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mein Rechner ist infiziert mit PUM.Disabled.SecurityCenter, brauche Hilfe (https://www.trojaner-board.de/123035-rechner-infiziert-pum-disabled-securitycenter-brauche-hilfe.html)

snoop999 15.09.2012 22:15
Wenn du mal auf den Scan schaust, wirst du sehen, dass ich die Datei kurz nach Mitternacht heruntergeladen habe und den Scan direkt ausgeführt habe. Zu dieser Zeit war die Version 3.2.61.4 noch nicht verfügbar. aber ich habe dir mit der aktuellsten Version einen weiteren Scan gemacht. Hier ist der Text-File:
OTL Logfile:
Code:
OTL logfile created on: 15.09.2012 22:55:28 - Run 6
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,75% Memory free
3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,96 Gb Total Space | 34,57 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 332,41 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
 
Computer Name: MOBIL | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Programme\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\VistaCodecPack\filters\mmfinfo.dll ()
MOD - C:\Programme\VistaCodecPack\filters\mkunicode.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nosGetPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (JMP License Service) -- C:\Programme\Gemeinsame Dateien\SAS Institute Inc Shared\Service\JMPLicSvc.exe (SAS Institute Inc.)
SRV - (hnmsvc) -- C:\Programme\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (WLANKEEPER) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\C.tmp File not found
DRV - (M9207) -- system32\DRIVERS\M9207BDA.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (Changer) --  File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Programme\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070319
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=hxxp://www.t-online.de
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\InprocServer32 File not found
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes\{0F499E64-266C-418B-B708-5BF31283445D}: "URL" = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes\{27930E33-87C4-4826-A572-DEF3A9C155A1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\SearchScopes\{E82F62B3-6D06-4156-8261-C2F04C2CDAEC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: nl-NL@dictionaries.addons.mozilla.org:3.1.0
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:3.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.90: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.07 11:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.07 11:48:34 | 000,000,000 | ---D | M]
 
[2008.12.18 01:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2012.09.13 10:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions
[2010.07.02 20:30:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.17 22:38:35 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.17 22:38:36 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.06.12 10:35:47 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.04.17 12:42:33 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\nl-NL@dictionaries.addons.mozilla.org
[2011.05.16 09:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\nostmp
[2012.07.26 13:20:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 10:47:56 | 000,698,867 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\searchplugins\conduit.xml
[2012.09.07 11:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 11:48:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found
O3 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\Qigong\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://snoop999.spaces.live.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342088690281 (MUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} hxxp://snoop999.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell - "" = AutoRun
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell - "" = AutoRun
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {BC44F053-C22D-4BEF-B9FB-3CD538460A65} - T-Online Toolbar
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C5470D23-7E94-569F-DFBE-45E90974A061} - Java (Sun)
ActiveX: {C66DAF08-9AF8-69EB-EB49-019792EBF424} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F0BC534C-4D92-18BD-D40B-EBC670FE2127} - Browseranpassungen
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\iyvu9_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 22:53:47 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2012.09.13 10:45:14 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.09.13 10:45:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.09.13 10:45:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2012.09.12 17:40:45 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\OTL.exe
[2012.09.11 15:18:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent
[2012.09.07 11:48:30 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.09.05 10:15:34 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.05 10:00:25 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\xxx\Desktop\esetsmartinstaller_enu.exe
[2012.09.02 16:47:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\SystemRequirementsLab
[2012.09.01 00:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Sun
[2012.08.29 19:14:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2012.08.29 19:14:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.08.29 19:14:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.08.29 19:14:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.29 19:14:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.08.29 17:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2012.08.29 17:57:31 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2012.08.26 14:33:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\Facebook-Tierfotos
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 22:53:47 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2012.09.15 22:46:01 | 000,060,026 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.09.15 22:46:00 | 000,099,653 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012.09.15 22:45:30 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.15 22:45:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.15 22:45:12 | 000,099,653 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012.09.15 22:44:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.15 22:44:49 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.14 12:19:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.14 11:34:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.12 17:40:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\OTL.exe
[2012.09.12 17:13:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.12 00:05:47 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.11 15:17:10 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.05 10:00:25 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\xxx\Desktop\esetsmartinstaller_enu.exe
[2012.09.04 13:55:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2012.09.04 13:52:32 | 000,460,762 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.04 13:52:32 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.04 13:52:32 | 000,085,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.04 13:52:32 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.08.30 13:31:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.08.29 17:57:38 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Spybot - Search & Destroy.lnk
[2012.08.29 13:26:01 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012.08.24 11:51:05 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012.08.24 11:50:42 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\524A1BAB7B.sys
[2012.08.22 22:32:59 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.30 13:31:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.08.29 19:14:03 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.29 17:57:38 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Spybot - Search & Destroy.lnk
[2012.06.26 21:49:55 | 000,002,828 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012.06.26 21:49:51 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.02.17 00:53:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.02.04 20:31:09 | 000,025,507 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\.recently-used.xbel
[2008.11.20 01:52:36 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2007.05.17 11:18:27 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.03.29 23:53:39 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\wklnhst.dat
[2007.03.29 12:37:45 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.26 13:22:52 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2007.05.31 22:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2008.02.05 09:15:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.06.21 19:57:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2008.11.20 01:51:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder
[2008.03.15 20:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2008.07.17 00:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2008.09.23 19:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MythPeople
[2008.09.19 20:15:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SAS Institute Inc
[2007.03.30 00:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SingleClick Systems
[2012.08.24 11:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2008.02.05 09:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2008.07.15 21:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.01.25 12:34:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.09.23 19:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2012.01.11 21:19:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.20 18:18:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\CheckPoint
[2012.01.25 12:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2011.10.31 09:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Qigong\Anwendungsdaten\CheckPoint
[2012.02.09 11:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Qigong\Anwendungsdaten\LibreOffice
[2011.11.03 13:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Qigong\Anwendungsdaten\OpenOffice.org
[2011.07.23 17:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Azureus
[2012.08.24 11:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon
[2012.09.05 10:22:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CheckPoint
[2008.11.20 01:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DonationCoder
[2009.02.04 20:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0
[2007.03.30 01:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQLite
[2008.09.30 01:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\iWin
[2007.04.07 21:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech
[2011.11.13 17:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LibreOffice
[2009.02.22 12:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LimeWire
[2011.02.09 16:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org
[2007.08.21 13:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SAS
[2008.02.05 09:13:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft
[2007.03.29 23:53:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Template
[2012.01.11 21:20:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software
[2008.09.30 01:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.31 09:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Adobe
[2012.07.20 13:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Avira
[2011.07.23 17:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Azureus
[2012.08.24 11:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon
[2012.09.05 10:22:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CheckPoint
[2012.08.24 11:51:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Corel
[2007.03.30 01:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\CyberLink
[2008.11.20 01:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DonationCoder
[2009.06.02 20:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Google
[2007.03.19 23:51:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Gtek
[2009.02.04 20:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0
[2007.10.23 20:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Help
[2007.03.30 01:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQLite
[2008.09.30 01:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Identities
[2007.03.19 23:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Intel
[2008.09.30 01:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\iWin
[2008.04.04 14:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Lavasoft
[2007.04.07 21:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech
[2011.11.13 17:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LibreOffice
[2009.02.22 12:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LimeWire
[2007.03.29 22:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Macromedia
[2012.08.29 19:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2007.03.26 13:23:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\McAfee.com Personal Firewall
[2012.09.02 17:20:00 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Microsoft
[2008.12.18 01:22:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla
[2011.02.09 16:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org
[2011.02.09 13:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org2
[2007.05.26 14:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Real
[2007.08.21 13:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\SAS
[2008.02.05 09:13:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ScanSoft
[2012.09.13 10:59:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Skype
[2007.04.07 21:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sonic
[2007.05.17 10:56:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Sun
[2007.03.29 23:53:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Template
[2012.01.11 21:20:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TuneUp Software
[2009.05.24 10:18:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3
[2008.09.30 01:09:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Zylom
 
< %APPDATA%\*.exe /s >
[2008.02.11 01:49:52 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
[2010.08.13 09:13:32 | 000,032,032 | ---- | M] (NOS Microsystems Ltd.) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\nostmp\content\getPlusPlus_Adobe_reg.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004.08.04 16:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2012.07.12 18:02:17 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\i386\eventlog.dll
[2004.08.04 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\i386\netlogon.dll
[2004.08.04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 16:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\i386\scecli.dll
[2004.08.04 16:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 16:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\i386\user32.dll
[2004.08.04 16:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 16:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\i386\userinit.exe
[2004.08.04 16:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 16:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\i386\winlogon.exe
[2004.08.04 16:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\i386\ws2ifsl.sys
[2004.08.04 16:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.13 14:46:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.13 14:46:20 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.13 14:46:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BEB71B81
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9F683177

< End of report >
--- --- ---

cosinus 16.09.2012 18:20
Da ich nicht genau weiß wann die Version rauskam, ich hatte irgendwas mit dem Abend zuvor vermutet hab ich nochmal nachgefragt

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - user.js - File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\system32\C.tmp File not found
DRV - (M9207) -- system32\DRIVERS\M9207BDA.sys File not found
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
[2010.07.02 20:30:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\searchplugins\conduit.xml
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll File not found
O3 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\Qigong\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell - "" = AutoRun
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell - "" = AutoRun
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\Shell\AutoRun\command - "" = E:\pushinst.exe
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BEB71B81
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9F683177
:Files
E:\Downloads\SoftonicDownloader_fuer_pdf24-creator.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

snoop999 17.09.2012 07:42
Das Programm läuft seit gestern Abend und die Systemzeit des Rechners ist bei 20:00 Uhr "eingefroren". Ist das normal?

cosinus 17.09.2012 08:38
Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus.

snoop999 17.09.2012 22:55
Im abgesicherten Modus hat es funktioniert.
Code:
All processes killed
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File  C:\WINDOWS\system32\C.tmp File not found not found.
Service M9207 stopped successfully!
Service M9207 deleted successfully!
File  system32\DRIVERS\M9207BDA.sys File not found not found.
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Folder C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
File C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\searchplugins\conduit.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Registry value HKEY_USERS\S-1-5-21-3129759340-1621867061-3447965378-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3129759340-1621867061-3447965378-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
C:\Dokumente und Einstellungen\Qigong\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMSAppLogo5ChannelNotify deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3129759340-1621867061-3447965378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41b40115-470d-11de-9dc8-0019b9592004}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97bd51a-01b5-11dd-9fb6-0019b9592004}\ not found.
File E:\pushinst.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BEB71B81 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9F683177 deleted successfully.
========== FILES ==========
E:\Downloads\SoftonicDownloader_fuer_pdf24-creator.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\xxx\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\xxx\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: contact
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: Gast
->Temp folder emptied: 1120738 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6861458 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 2189464 bytes
->Temporary Internet Files folder emptied: 284801 bytes
->FireFox cache emptied: 12212965 bytes
 
User: NetworkService
->Temp folder emptied: 2130376 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Qigong
->Temp folder emptied: 1554930 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 5644730 bytes
->Flash cache emptied: 41 bytes
 
User: xxx
->Temp folder emptied: 7684223 bytes
->Temporary Internet Files folder emptied: 98995 bytes
->Java cache emptied: 16626156 bytes
->FireFox cache emptied: 86871219 bytes
->Flash cache emptied: 741 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3771271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1064611 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 141,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.5 log created on 09172012_234554

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus 19.09.2012 11:06
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

snoop999 19.09.2012 11:42
Code:
12:34:52.0984 2936  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:34:52.0984 2936  ============================================================
12:34:52.0984 2936  Current date / time: 2012/09/19 12:34:52.0984
12:34:52.0984 2936  SystemInfo:
12:34:53.0000 2936 
12:34:53.0000 2936  OS Version: 5.1.2600 ServicePack: 3.0
12:34:53.0000 2936  Product type: Workstation
12:34:53.0000 2936  ComputerName: MOBIL
12:34:53.0000 2936  UserName: xxx
12:34:53.0000 2936  Windows directory: C:\WINDOWS
12:34:53.0000 2936  System windows directory: C:\WINDOWS
12:34:53.0000 2936  Processor architecture: Intel x86
12:34:53.0000 2936  Number of processors: 2
12:34:53.0000 2936  Page size: 0x1000
12:34:53.0000 2936  Boot type: Normal boot
12:34:53.0000 2936  ============================================================
12:34:54.0906 2936  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:34:54.0906 2936  Drive \Device\Harddisk1\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:34:54.0906 2936  ============================================================
12:34:54.0906 2936  \Device\Harddisk0\DR0:
12:34:54.0906 2936  MBR partitions:
12:34:54.0906 2936  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x11FEC629
12:34:54.0937 2936  \Device\Harddisk1\DR5:
12:34:54.0937 2936  MBR partitions:
12:34:54.0937 2936  \Device\Harddisk1\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
12:34:54.0937 2936  ============================================================
12:34:54.0984 2936  C: <-> \Device\Harddisk0\DR0\Partition1
12:34:55.0093 2936  E: <-> \Device\Harddisk1\DR5\Partition1
12:34:55.0156 2936  ============================================================
12:34:55.0156 2936  Initialize success
12:34:55.0156 2936  ============================================================
12:35:57.0703 3640  ============================================================
12:35:57.0703 3640  Scan started
12:35:57.0703 3640  Mode: Manual; SigCheck; TDLFS;
12:35:57.0703 3640  ============================================================
12:35:58.0625 3640  ================ Scan system memory ========================
12:36:02.0343 3640  System memory - ok
12:36:02.0343 3640  ================ Scan services =============================
12:36:02.0453 3640  Abiosdsk - ok
12:36:02.0500 3640  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:36:04.0546 3640  abp480n5 - ok
12:36:04.0609 3640  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:36:04.0843 3640  ACPI - ok
12:36:04.0906 3640  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
12:36:05.0031 3640  ACPIEC - ok
12:36:05.0125 3640  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:36:05.0156 3640  AdobeFlashPlayerUpdateSvc - ok
12:36:05.0203 3640  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:36:05.0328 3640  adpu160m - ok
12:36:05.0359 3640  [ 8BED39E3C35D6A489438B8141717A557 ] aec            C:\WINDOWS\system32\drivers\aec.sys
12:36:05.0468 3640  aec - ok
12:36:05.0531 3640  [ 375EB0B97E3950ADEF3633C27A82438B ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:36:05.0546 3640  AegisP ( UnsignedFile.Multi.Generic ) - warning
12:36:05.0546 3640  AegisP - detected UnsignedFile.Multi.Generic (1)
12:36:05.0593 3640  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD            C:\WINDOWS\System32\drivers\afd.sys
12:36:05.0625 3640  AFD - ok
12:36:05.0687 3640  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
12:36:05.0859 3640  agp440 - ok
12:36:05.0890 3640  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:36:06.0078 3640  agpCPQ - ok
12:36:06.0125 3640  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x        C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:36:06.0203 3640  Aha154x - ok
12:36:06.0234 3640  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2        C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:36:06.0390 3640  aic78u2 - ok
12:36:06.0468 3640  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx        C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:36:06.0593 3640  aic78xx - ok
12:36:06.0640 3640  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter        C:\WINDOWS\system32\alrsvc.dll
12:36:06.0765 3640  Alerter - ok
12:36:06.0781 3640  [ 190CD73D4984F94D823F9444980513E5 ] ALG            C:\WINDOWS\System32\alg.exe
12:36:06.0890 3640  ALG - ok
12:36:06.0921 3640  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
12:36:07.0093 3640  AliIde - ok
12:36:07.0187 3640  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:36:07.0328 3640  alim1541 - ok
12:36:07.0359 3640  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:36:07.0484 3640  amdagp - ok
12:36:07.0578 3640  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
12:36:07.0671 3640  amsint - ok
12:36:07.0781 3640  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
12:36:07.0828 3640  AntiVirSchedulerService - ok
12:36:07.0875 3640  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
12:36:07.0906 3640  AntiVirService - ok
12:36:07.0968 3640  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:36:08.0000 3640  AntiVirWebService - ok
12:36:08.0046 3640  [ EC94E05B76D033B74394E7B2175103CF ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
12:36:08.0062 3640  APPDRV ( UnsignedFile.Multi.Generic ) - warning
12:36:08.0062 3640  APPDRV - detected UnsignedFile.Multi.Generic (1)
12:36:08.0109 3640  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
12:36:08.0312 3640  AppMgmt - ok
12:36:08.0375 3640  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394        C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:36:08.0578 3640  Arp1394 - ok
12:36:08.0609 3640  [ 62D318E9A0C8FC9B780008E724283707 ] asc            C:\WINDOWS\system32\DRIVERS\asc.sys
12:36:08.0765 3640  asc - ok
12:36:08.0781 3640  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:36:08.0859 3640  asc3350p - ok
12:36:08.0890 3640  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550        C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:36:09.0031 3640  asc3550 - ok
12:36:09.0187 3640  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:36:09.0234 3640  aspnet_state - ok
12:36:09.0250 3640  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:36:09.0406 3640  AsyncMac - ok
12:36:09.0468 3640  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi          C:\WINDOWS\system32\DRIVERS\atapi.sys
12:36:09.0625 3640  atapi - ok
12:36:09.0640 3640  Atdisk - ok
12:36:09.0687 3640  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc        C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:36:09.0906 3640  Atmarpc - ok
12:36:09.0984 3640  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
12:36:10.0109 3640  AudioSrv - ok
12:36:10.0140 3640  [ D9F724AA26C010A217C97606B160ED68 ] audstub        C:\WINDOWS\system32\DRIVERS\audstub.sys
12:36:10.0265 3640  audstub - ok
12:36:10.0281 3640  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:36:10.0312 3640  avgntflt - ok
12:36:10.0343 3640  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:36:10.0359 3640  avipbb - ok
12:36:10.0375 3640  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
12:36:10.0390 3640  avkmgr - ok
12:36:10.0421 3640  [ 6489310D11971F6BA6C7F49BE0BAF6E0 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
12:36:10.0484 3640  bcm4sbxp - ok
12:36:10.0546 3640  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
12:36:10.0687 3640  Beep - ok
12:36:10.0796 3640  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
12:36:10.0937 3640  BITS - ok
12:36:10.0984 3640  [ B71549F23736ADF83A571061C47777FD ] Browser        C:\WINDOWS\System32\browser.dll
12:36:11.0062 3640  Browser - ok
12:36:11.0109 3640  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf          C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:36:11.0296 3640  cbidf - ok
12:36:11.0296 3640  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k        C:\WINDOWS\system32\drivers\cbidf2k.sys
12:36:11.0453 3640  cbidf2k - ok
12:36:11.0500 3640  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:36:11.0671 3640  CCDECODE - ok
12:36:11.0703 3640  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:36:11.0812 3640  cd20xrnt - ok
12:36:11.0828 3640  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio        C:\WINDOWS\system32\drivers\Cdaudio.sys
12:36:11.0984 3640  Cdaudio - ok
12:36:12.0062 3640  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
12:36:12.0187 3640  Cdfs - ok
12:36:12.0265 3640  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom          C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:36:12.0390 3640  Cdrom - ok
12:36:12.0390 3640  Changer - ok
12:36:12.0437 3640  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc          C:\WINDOWS\system32\cisvc.exe
12:36:12.0609 3640  CiSvc - ok
12:36:12.0656 3640  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv        C:\WINDOWS\system32\clipsrv.exe
12:36:12.0875 3640  ClipSrv - ok
12:36:13.0031 3640  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:36:13.0125 3640  clr_optimization_v2.0.50727_32 - ok
12:36:13.0171 3640  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:36:13.0296 3640  CmBatt - ok
12:36:13.0343 3640  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:36:13.0515 3640  CmdIde - ok
12:36:13.0562 3640  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:36:14.0062 3640  Compbatt - ok
12:36:14.0062 3640  COMSysApp - ok
12:36:14.0093 3640  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:36:14.0234 3640  Cpqarray - ok
12:36:14.0281 3640  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
12:36:14.0453 3640  CryptSvc - ok
12:36:14.0500 3640  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k        C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:36:14.0640 3640  dac2w2k - ok
12:36:14.0656 3640  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:36:14.0796 3640  dac960nt - ok
12:36:14.0859 3640  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
12:36:14.0937 3640  DcomLaunch - ok
12:36:14.0984 3640  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
12:36:15.0140 3640  Dhcp - ok
12:36:15.0156 3640  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
12:36:15.0281 3640  Disk - ok
12:36:15.0281 3640  dmadmin - ok
12:36:15.0375 3640  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
12:36:15.0546 3640  dmboot - ok
12:36:15.0546 3640  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
12:36:15.0703 3640  dmio - ok
12:36:15.0734 3640  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
12:36:15.0859 3640  dmload - ok
12:36:15.0906 3640  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
12:36:16.0078 3640  dmserver - ok
12:36:16.0171 3640  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
12:36:16.0343 3640  DMusic - ok
12:36:16.0375 3640  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
12:36:16.0484 3640  Dnscache - ok
12:36:16.0546 3640  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc        C:\WINDOWS\System32\dot3svc.dll
12:36:16.0765 3640  Dot3svc - ok
12:36:16.0781 3640  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:36:16.0937 3640  dpti2o - ok
12:36:16.0953 3640  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
12:36:17.0062 3640  drmkaud - ok
12:36:17.0187 3640  [ E814854E6B246CCF498874839AB64D77 ] drvmcdb        C:\WINDOWS\system32\drivers\drvmcdb.sys
12:36:17.0187 3640  drvmcdb ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0187 3640  drvmcdb - detected UnsignedFile.Multi.Generic (1)
12:36:17.0203 3640  [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm        C:\WINDOWS\system32\drivers\drvnddm.sys
12:36:17.0218 3640  drvnddm ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0218 3640  drvnddm - detected UnsignedFile.Multi.Generic (1)
12:36:17.0296 3640  [ 2AC2372FFAD9ADC85672CC8E8AE14BE9 ] DSproct        C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
12:36:17.0328 3640  DSproct ( UnsignedFile.Multi.Generic ) - warning
12:36:17.0328 3640  DSproct - detected UnsignedFile.Multi.Generic (1)
12:36:17.0359 3640  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B          C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:36:17.0515 3640  E100B - ok
12:36:17.0593 3640  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost        C:\WINDOWS\System32\eapsvc.dll
12:36:17.0812 3640  EapHost - ok
12:36:17.0875 3640  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc          C:\WINDOWS\System32\ersvc.dll
12:36:17.0984 3640  ERSvc - ok
12:36:18.0031 3640  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
12:36:18.0078 3640  Eventlog - ok
12:36:18.0156 3640  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem    C:\WINDOWS\system32\es.dll
12:36:18.0218 3640  EventSystem - ok
12:36:18.0281 3640  [ 788C72B145C75A7EE5F5D6A32542D912 ] EvtEng          C:\Programme\Intel\Wireless\Bin\EvtEng.exe
12:36:18.0312 3640  EvtEng ( UnsignedFile.Multi.Generic ) - warning
12:36:18.0312 3640  EvtEng - detected UnsignedFile.Multi.Generic (1)
12:36:18.0359 3640  [ 38D332A6D56AF32635675F132548343E ] Fastfat        C:\WINDOWS\system32\drivers\Fastfat.sys
12:36:18.0578 3640  Fastfat - ok
12:36:18.0625 3640  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:36:18.0703 3640  FastUserSwitchingCompatibility - ok
12:36:18.0718 3640  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc            C:\WINDOWS\system32\DRIVERS\fdc.sys
12:36:18.0828 3640  Fdc - ok
12:36:18.0859 3640  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:36:18.0984 3640  Fips - ok
12:36:19.0015 3640  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:36:19.0156 3640  Flpydisk - ok
12:36:19.0187 3640  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
12:36:19.0296 3640  FltMgr - ok
12:36:19.0375 3640  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:36:19.0390 3640  FontCache3.0.0.0 - ok
12:36:19.0421 3640  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:36:19.0546 3640  Fs_Rec - ok
12:36:19.0593 3640  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:36:19.0718 3640  Ftdisk - ok
12:36:19.0765 3640  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc            C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:36:19.0890 3640  Gpc - ok
12:36:19.0984 3640  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9e3af68a3f28e C:\Programme\Google\Update\GoogleUpdate.exe
12:36:20.0000 3640  gupdate1c9e3af68a3f28e - ok
12:36:20.0015 3640  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
12:36:20.0031 3640  gupdatem - ok
12:36:20.0078 3640  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:36:20.0265 3640  HDAudBus - ok
12:36:20.0421 3640  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc        C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:36:20.0609 3640  helpsvc - ok
12:36:20.0640 3640  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ        C:\WINDOWS\System32\hidserv.dll
12:36:20.0750 3640  HidServ - ok
12:36:20.0765 3640  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:36:20.0890 3640  HidUsb - ok
12:36:20.0937 3640  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:36:21.0046 3640  hkmsvc - ok
12:36:21.0125 3640  [ 4BDA4856BD308C90CD5A98B6BF294A73 ] hnmsvc          C:\Programme\Dell Network Assistant\hnm_svc.exe
12:36:21.0140 3640  hnmsvc - ok
12:36:21.0171 3640  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn            C:\WINDOWS\system32\DRIVERS\hpn.sys
12:36:21.0281 3640  hpn - ok
12:36:21.0343 3640  [ 1C8CAA80E91FB71864E9426F9EED048D ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:36:21.0390 3640  HSFHWAZL - ok
12:36:21.0437 3640  [ 698204D9C2832E53633E53A30A53FC3D ] HSF_DPV        C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:36:21.0515 3640  HSF_DPV - ok
12:36:21.0593 3640  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:36:21.0656 3640  HTTP - ok
12:36:21.0703 3640  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:36:21.0890 3640  HTTPFilter - ok
12:36:21.0890 3640  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt        C:\WINDOWS\system32\drivers\i2omgmt.sys
12:36:22.0140 3640  i2omgmt - ok
12:36:22.0187 3640  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp          C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:36:22.0328 3640  i2omp - ok
12:36:22.0343 3640  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:36:22.0453 3640  i8042prt - ok
12:36:22.0625 3640  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc          c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:36:22.0671 3640  idsvc - ok
12:36:22.0718 3640  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi          C:\WINDOWS\system32\DRIVERS\imapi.sys
12:36:22.0843 3640  Imapi - ok
12:36:22.0906 3640  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:36:23.0093 3640  ImapiService - ok
12:36:23.0140 3640  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u        C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:36:23.0375 3640  ini910u - ok
12:36:23.0453 3640  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
12:36:23.0578 3640  IntelIde - ok
12:36:23.0609 3640  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:36:23.0750 3640  intelppm - ok
12:36:23.0765 3640  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw          C:\WINDOWS\system32\drivers\ip6fw.sys
12:36:23.0890 3640  Ip6Fw - ok
12:36:23.0921 3640  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:36:24.0062 3640  IpFilterDriver - ok
12:36:24.0156 3640  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:36:24.0265 3640  IpInIp - ok
12:36:24.0312 3640  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat          C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:36:24.0421 3640  IpNat - ok
12:36:24.0437 3640  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec          C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:36:24.0562 3640  IPSec - ok
12:36:24.0578 3640  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:36:24.0765 3640  IRENUM - ok
12:36:24.0843 3640  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:36:25.0015 3640  isapnp - ok
12:36:25.0125 3640  [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
12:36:25.0140 3640  JavaQuickStarterService - ok
12:36:25.0203 3640  [ 6960D14BAC216317B45F95155280B0F4 ] JMP License Service C:\Programme\Gemeinsame Dateien\SAS Institute Inc Shared\Service\JMPLicSvc.exe
12:36:25.0250 3640  JMP License Service ( UnsignedFile.Multi.Generic ) - warning
12:36:25.0250 3640  JMP License Service - detected UnsignedFile.Multi.Generic (1)
12:36:25.0296 3640  [ C4D1E49A7D853A6FDFE8EC2906AE5AAA ] Jukebox3        C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
12:36:25.0343 3640  Jukebox3 - ok
12:36:25.0375 3640  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:36:25.0546 3640  Kbdclass - ok
12:36:25.0593 3640  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:36:25.0781 3640  kmixer - ok
12:36:25.0859 3640  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:36:25.0953 3640  KSecDD - ok
12:36:25.0984 3640  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
12:36:26.0031 3640  lanmanserver - ok
12:36:26.0078 3640  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:36:26.0125 3640  lanmanworkstation - ok
12:36:26.0125 3640  lbrtfdc - ok
12:36:26.0187 3640  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts        C:\WINDOWS\System32\lmhsvc.dll
12:36:26.0296 3640  LmHosts - ok
12:36:26.0343 3640  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\WINDOWS\system32\drivers\mbam.sys
12:36:26.0375 3640  MBAMProtector - ok
12:36:26.0484 3640  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:36:26.0531 3640  MBAMScheduler - ok
12:36:26.0593 3640  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
12:36:26.0656 3640  MBAMService - ok
12:36:26.0718 3640  [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk        C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:36:26.0750 3640  mdmxsdk - ok
12:36:26.0812 3640  [ B7550A7107281D170CE85524B1488C98 ] Messenger      C:\WINDOWS\System32\msgsvc.dll
12:36:27.0031 3640  Messenger - ok
12:36:27.0062 3640  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd          C:\WINDOWS\system32\drivers\mnmdd.sys
12:36:27.0187 3640  mnmdd - ok
12:36:27.0234 3640  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc        C:\WINDOWS\system32\mnmsrvc.exe
12:36:27.0375 3640  mnmsrvc - ok
12:36:27.0390 3640  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem          C:\WINDOWS\system32\drivers\Modem.sys
12:36:27.0515 3640  Modem - ok
12:36:27.0562 3640  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:36:27.0687 3640  Mouclass - ok
12:36:27.0734 3640  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:36:27.0875 3640  mouhid - ok
12:36:27.0953 3640  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:36:28.0093 3640  MountMgr - ok
12:36:28.0156 3640  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
12:36:28.0187 3640  MozillaMaintenance - ok
12:36:28.0218 3640  [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE            C:\WINDOWS\system32\DRIVERS\MPE.sys
12:36:28.0343 3640  MPE - ok
12:36:28.0390 3640  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:36:28.0578 3640  mraid35x - ok
12:36:28.0609 3640  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:36:29.0078 3640  MRxDAV - ok
12:36:29.0125 3640  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:36:29.0171 3640  MRxSmb - ok
12:36:29.0234 3640  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC          C:\WINDOWS\system32\msdtc.exe
12:36:29.0359 3640  MSDTC - ok
12:36:29.0375 3640  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:36:29.0500 3640  Msfs - ok
12:36:29.0500 3640  MSIServer - ok
12:36:29.0562 3640  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:36:29.0687 3640  MSKSSRV - ok
12:36:29.0703 3640  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:36:29.0812 3640  MSPCLOCK - ok
12:36:29.0843 3640  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
12:36:29.0984 3640  MSPQM - ok
12:36:29.0984 3640  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:36:30.0093 3640  mssmbios - ok
12:36:30.0125 3640  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
12:36:30.0265 3640  MSTEE - ok
12:36:30.0296 3640  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup            C:\WINDOWS\system32\drivers\Mup.sys
12:36:30.0328 3640  Mup - ok
12:36:30.0359 3640  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:36:30.0484 3640  NABTSFEC - ok
12:36:30.0531 3640  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:36:30.0671 3640  napagent - ok
12:36:30.0718 3640  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:36:30.0859 3640  NDIS - ok
12:36:30.0921 3640  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:36:31.0109 3640  NdisIP - ok
12:36:31.0140 3640  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:36:31.0187 3640  NdisTapi - ok
12:36:31.0203 3640  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:36:31.0390 3640  Ndisuio - ok
12:36:31.0390 3640  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:36:31.0593 3640  NdisWan - ok
12:36:31.0625 3640  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
12:36:31.0656 3640  NDProxy - ok
12:36:31.0656 3640  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
12:36:31.0781 3640  NetBIOS - ok
12:36:31.0812 3640  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
12:36:31.0921 3640  NetBT - ok
12:36:31.0968 3640  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:36:32.0109 3640  NetDDE - ok
12:36:32.0109 3640  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:36:32.0234 3640  NetDDEdsdm - ok
12:36:32.0265 3640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:36:32.0390 3640  Netlogon - ok
12:36:32.0421 3640  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
12:36:32.0546 3640  Netman - ok
12:36:32.0578 3640  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:36:32.0593 3640  NetTcpPortSharing - ok
12:36:32.0703 3640  [ 71371ED9086A3D65F43967C89634E9A9 ] NETw3x32        C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
12:36:32.0796 3640  NETw3x32 - ok
12:36:32.0843 3640  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394        C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:36:32.0968 3640  NIC1394 - ok
12:36:33.0031 3640  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla            C:\WINDOWS\System32\mswsock.dll
12:36:33.0062 3640  Nla - ok
12:36:33.0140 3640  [ EF7A048FE8E3F102C78C9BD7C448BB6C ] nosGetPlusHelper C:\Programme\NOS\bin\getPlus_Helper_3004.dll
12:36:33.0171 3640  nosGetPlusHelper - ok
12:36:33.0218 3640  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:36:33.0406 3640  Npfs - ok
12:36:33.0453 3640  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:36:33.0593 3640  Ntfs - ok
12:36:33.0625 3640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp        C:\WINDOWS\system32\lsass.exe
12:36:33.0734 3640  NtLmSsp - ok
12:36:33.0796 3640  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc        C:\WINDOWS\system32\ntmssvc.dll
12:36:33.0921 3640  NtmsSvc - ok
12:36:33.0953 3640  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:36:34.0078 3640  Null - ok
12:36:34.0234 3640  [ F238620BC9D2FDF8734948C0A4441707 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:36:34.0578 3640  nv - ok
12:36:34.0640 3640  [ D54292149E9ED49AD149879B67EC24D1 ] NVSvc          C:\WINDOWS\system32\nvsvc32.exe
12:36:34.0687 3640  NVSvc - ok
12:36:34.0703 3640  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:36:34.0921 3640  NwlnkFlt - ok
12:36:34.0984 3640  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:36:35.0093 3640  NwlnkFwd - ok
12:36:35.0140 3640  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:36:35.0265 3640  ohci1394 - ok
12:36:35.0312 3640  [ B17228142CEC9B3C222239FD935A37CA ] omci            C:\WINDOWS\system32\DRIVERS\omci.sys
12:36:35.0312 3640  omci ( UnsignedFile.Multi.Generic ) - warning
12:36:35.0312 3640  omci - detected UnsignedFile.Multi.Generic (1)
12:36:35.0375 3640  [ 8F856DAE19383BD69DB444004D5D4F50 ] Packet          C:\WINDOWS\system32\DRIVERS\packet.sys
12:36:35.0390 3640  Packet ( UnsignedFile.Multi.Generic ) - warning
12:36:35.0390 3640  Packet - detected UnsignedFile.Multi.Generic (1)
12:36:35.0406 3640  [ F84785660305B9B903FB3BCA8BA29837 ] Parport        C:\WINDOWS\system32\DRIVERS\parport.sys
12:36:35.0546 3640  Parport - ok
12:36:35.0546 3640  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr        C:\WINDOWS\system32\drivers\PartMgr.sys
12:36:35.0703 3640  PartMgr - ok
12:36:35.0734 3640  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:36:35.0890 3640  ParVdm - ok
12:36:35.0906 3640  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI            C:\WINDOWS\system32\DRIVERS\pci.sys
12:36:36.0031 3640  PCI - ok
12:36:36.0046 3640  PCIDump - ok
12:36:36.0125 3640  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:36:36.0281 3640  PCIIde - ok
12:36:36.0296 3640  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:36:36.0437 3640  Pcmcia - ok
12:36:36.0437 3640  PDCOMP - ok
12:36:36.0437 3640  PDFRAME - ok
12:36:36.0453 3640  PDRELI - ok
12:36:36.0453 3640  PDRFRAME - ok
12:36:36.0531 3640  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2          C:\WINDOWS\system32\DRIVERS\perc2.sys
12:36:36.0671 3640  perc2 - ok
12:36:36.0687 3640  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:36:36.0843 3640  perc2hib - ok
12:36:36.0921 3640  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
12:36:36.0984 3640  PlugPlay - ok
12:36:36.0984 3640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent    C:\WINDOWS\system32\lsass.exe
12:36:37.0093 3640  PolicyAgent - ok
12:36:37.0140 3640  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:36:37.0265 3640  PptpMiniport - ok
12:36:37.0281 3640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:36:37.0390 3640  ProtectedStorage - ok
12:36:37.0390 3640  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:36:37.0500 3640  PSched - ok
12:36:37.0515 3640  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink        C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:36:37.0625 3640  Ptilink - ok
12:36:37.0671 3640  [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:36:37.0687 3640  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:36:37.0687 3640  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:36:37.0734 3640  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:36:37.0859 3640  ql1080 - ok
12:36:37.0859 3640  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt        C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:36:37.0984 3640  Ql10wnt - ok
12:36:37.0984 3640  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160        C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:36:38.0109 3640  ql12160 - ok
12:36:38.0125 3640  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:36:38.0234 3640  ql1240 - ok
12:36:38.0234 3640  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:36:38.0359 3640  ql1280 - ok
12:36:38.0375 3640  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:36:38.0500 3640  RasAcd - ok
12:36:38.0546 3640  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
12:36:38.0687 3640  RasAuto - ok
12:36:38.0765 3640  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp        C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:36:39.0156 3640  Rasl2tp - ok
12:36:39.0218 3640  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:36:39.0375 3640  RasMan - ok
12:36:39.0406 3640  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:36:39.0593 3640  RasPppoe - ok
12:36:39.0593 3640  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:36:39.0718 3640  Raspti - ok
12:36:39.0750 3640  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:36:39.0875 3640  Rdbss - ok
12:36:39.0890 3640  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:36:40.0015 3640  RDPCDD - ok
12:36:40.0031 3640  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr          C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:36:40.0156 3640  rdpdr - ok
12:36:40.0218 3640  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD          C:\WINDOWS\system32\drivers\RDPWD.sys
12:36:40.0250 3640  RDPWD - ok
12:36:40.0281 3640  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr      C:\WINDOWS\system32\sessmgr.exe
12:36:40.0437 3640  RDSessMgr - ok
12:36:40.0515 3640  [ ED761D453856F795A7FE056E42C36365 ] redbook        C:\WINDOWS\system32\DRIVERS\redbook.sys
12:36:40.0656 3640  redbook - ok
12:36:40.0703 3640  [ D8894ACEFE1A607DE7D0E628285BFFF4 ] RegSrvc        C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
12:36:40.0734 3640  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
12:36:40.0734 3640  RegSrvc - detected UnsignedFile.Multi.Generic (1)
12:36:40.0781 3640  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:36:40.0968 3640  RemoteAccess - ok
12:36:41.0031 3640  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:36:41.0187 3640  RemoteRegistry - ok
12:36:41.0218 3640  [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:36:41.0265 3640  rimmptsk - ok
12:36:41.0265 3640  [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
12:36:41.0312 3640  rimsptsk - ok
12:36:41.0359 3640  [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp        C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
12:36:41.0406 3640  rismxdp - ok
12:36:41.0437 3640  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:36:41.0578 3640  RpcLocator - ok
12:36:41.0625 3640  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs          C:\WINDOWS\system32\rpcss.dll
12:36:41.0687 3640  RpcSs - ok
12:36:41.0734 3640  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:36:41.0921 3640  RSVP - ok
12:36:42.0000 3640  [ C17C3A529CE14012F9731A6E264C1911 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
12:36:42.0031 3640  S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
12:36:42.0031 3640  S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
12:36:42.0046 3640  [ DAEF68FC328342D219DE928C8EE610B2 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:36:42.0078 3640  s24trans ( UnsignedFile.Multi.Generic ) - warning
12:36:42.0078 3640  s24trans - detected UnsignedFile.Multi.Generic (1)
12:36:42.0078 3640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs          C:\WINDOWS\system32\lsass.exe
12:36:42.0187 3640  SamSs - ok
12:36:42.0234 3640  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:36:42.0375 3640  SCardSvr - ok
12:36:42.0421 3640  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:36:42.0531 3640  Schedule - ok
12:36:42.0578 3640  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus          C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:36:42.0703 3640  sdbus - ok
12:36:42.0734 3640  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:36:42.0843 3640  Secdrv - ok
12:36:42.0875 3640  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:36:42.0984 3640  seclogon - ok
12:36:43.0000 3640  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
12:36:43.0125 3640  SENS - ok
12:36:43.0156 3640  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum        C:\WINDOWS\system32\DRIVERS\serenum.sys
12:36:43.0265 3640  serenum - ok
12:36:43.0296 3640  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
12:36:43.0406 3640  Serial - ok
12:36:43.0421 3640  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy        C:\WINDOWS\system32\drivers\Sfloppy.sys
12:36:43.0546 3640  Sfloppy - ok
12:36:43.0625 3640  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:36:43.0765 3640  SharedAccess - ok
12:36:43.0781 3640  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:36:43.0812 3640  ShellHWDetection - ok
12:36:43.0812 3640  Simbad - ok
12:36:43.0859 3640  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:36:43.0968 3640  sisagp - ok
12:36:44.0015 3640  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Programme\Skype\Updater\Updater.exe
12:36:44.0046 3640  SkypeUpdate - ok
12:36:44.0062 3640  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:36:44.0218 3640  SLIP - ok
12:36:44.0265 3640  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:36:44.0406 3640  SONYPVU1 - ok
12:36:44.0421 3640  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow        C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:36:44.0515 3640  Sparrow - ok
12:36:44.0546 3640  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:36:44.0687 3640  splitter - ok
12:36:44.0734 3640  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
12:36:44.0781 3640  Spooler - ok
12:36:44.0796 3640  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:36:44.0921 3640  sr - ok
12:36:45.0031 3640  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice      C:\WINDOWS\system32\srsvc.dll
12:36:45.0140 3640  srservice - ok
12:36:45.0171 3640  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
12:36:45.0234 3640  Srv - ok
12:36:45.0265 3640  [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5        C:\WINDOWS\system32\drivers\sscdbhk5.sys
12:36:45.0281 3640  sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
12:36:45.0281 3640  sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
12:36:45.0328 3640  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
12:36:45.0437 3640  SSDPSRV - ok
12:36:45.0484 3640  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:36:45.0515 3640  ssmdrv - ok
12:36:45.0515 3640  [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln          C:\WINDOWS\system32\drivers\ssrtln.sys
12:36:45.0546 3640  ssrtln ( UnsignedFile.Multi.Generic ) - warning
12:36:45.0546 3640  ssrtln - detected UnsignedFile.Multi.Generic (1)
12:36:45.0656 3640  [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA          C:\WINDOWS\system32\drivers\sthda.sys
12:36:45.0750 3640  STHDA - ok
12:36:45.0843 3640  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:36:46.0093 3640  stisvc - ok
12:36:46.0140 3640  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:36:46.0281 3640  streamip - ok
12:36:46.0296 3640  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:36:46.0406 3640  swenum - ok
12:36:46.0437 3640  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:36:46.0546 3640  swmidi - ok
12:36:46.0546 3640  SwPrv - ok
12:36:46.0609 3640  [ 1FF3217614018630D0A6758630FC698C ] symc810        C:\WINDOWS\system32\DRIVERS\symc810.sys
12:36:46.0765 3640  symc810 - ok
12:36:46.0781 3640  [ 070E001D95CF725186EF8B20335F933C ] symc8xx        C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:36:46.0921 3640  symc8xx - ok
12:36:46.0937 3640  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:36:47.0046 3640  sym_hi - ok
12:36:47.0078 3640  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:36:47.0187 3640  sym_u3 - ok
12:36:47.0234 3640  [ FA2DAA32BED908023272A0F77D625DAE ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:36:47.0281 3640  SynTP - ok
12:36:47.0296 3640  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:36:47.0421 3640  sysaudio - ok
12:36:47.0515 3640  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
12:36:47.0625 3640  SysmonLog - ok
12:36:47.0687 3640  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
12:36:47.0843 3640  TapiSrv - ok
12:36:47.0921 3640  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:36:47.0953 3640  Tcpip - ok
12:36:48.0046 3640  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:36:48.0156 3640  TDPIPE - ok
12:36:48.0171 3640  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
12:36:48.0296 3640  TDTCP - ok
12:36:48.0312 3640  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:36:48.0437 3640  TermDD - ok
12:36:48.0484 3640  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService    C:\WINDOWS\System32\termsrv.dll
12:36:48.0625 3640  TermService - ok
12:36:48.0734 3640  [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio        C:\WINDOWS\system32\dla\tfsnboio.sys
12:36:48.0937 3640  tfsnboio ( UnsignedFile.Multi.Generic ) - warning
12:36:48.0937 3640  tfsnboio - detected UnsignedFile.Multi.Generic (1)
12:36:49.0031 3640  [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs        C:\WINDOWS\system32\dla\tfsncofs.sys
12:36:49.0109 3640  tfsncofs ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0109 3640  tfsncofs - detected UnsignedFile.Multi.Generic (1)
12:36:49.0171 3640  [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct        C:\WINDOWS\system32\dla\tfsndrct.sys
12:36:49.0265 3640  tfsndrct ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0265 3640  tfsndrct - detected UnsignedFile.Multi.Generic (1)
12:36:49.0343 3640  [ D4400188782AA797598958969C9657D4 ] tfsndres        C:\WINDOWS\system32\dla\tfsndres.sys
12:36:49.0359 3640  tfsndres ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0359 3640  tfsndres - detected UnsignedFile.Multi.Generic (1)
12:36:49.0359 3640  [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs        C:\WINDOWS\system32\dla\tfsnifs.sys
12:36:49.0375 3640  tfsnifs ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0375 3640  tfsnifs - detected UnsignedFile.Multi.Generic (1)
12:36:49.0390 3640  [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio        C:\WINDOWS\system32\dla\tfsnopio.sys
12:36:49.0390 3640  tfsnopio ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0390 3640  tfsnopio - detected UnsignedFile.Multi.Generic (1)
12:36:49.0406 3640  [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool        C:\WINDOWS\system32\dla\tfsnpool.sys
12:36:49.0406 3640  tfsnpool ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0406 3640  tfsnpool - detected UnsignedFile.Multi.Generic (1)
12:36:49.0421 3640  [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf        C:\WINDOWS\system32\dla\tfsnudf.sys
12:36:49.0437 3640  tfsnudf ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0437 3640  tfsnudf - detected UnsignedFile.Multi.Generic (1)
12:36:49.0437 3640  [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa        C:\WINDOWS\system32\dla\tfsnudfa.sys
12:36:49.0453 3640  tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
12:36:49.0453 3640  tfsnudfa - detected UnsignedFile.Multi.Generic (1)
12:36:49.0468 3640  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:36:49.0484 3640  Themes - ok
12:36:49.0515 3640  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr        C:\WINDOWS\system32\tlntsvr.exe
12:36:49.0656 3640  TlntSvr - ok
12:36:49.0671 3640  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
12:36:49.0796 3640  TosIde - ok
12:36:49.0828 3640  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:36:49.0953 3640  TrkWks - ok
12:36:49.0984 3640  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:36:50.0109 3640  Udfs - ok
12:36:50.0109 3640  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra          C:\WINDOWS\system32\DRIVERS\ultra.sys
12:36:50.0171 3640  ultra - ok
12:36:50.0218 3640  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:36:50.0343 3640  Update - ok
12:36:50.0390 3640  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:36:50.0531 3640  upnphost - ok
12:36:50.0562 3640  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS            C:\WINDOWS\System32\ups.exe
12:36:50.0671 3640  UPS - ok
12:36:50.0703 3640  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
12:36:50.0843 3640  usbaudio - ok
12:36:50.0859 3640  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:36:50.0968 3640  usbccgp - ok
12:36:51.0015 3640  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:36:51.0140 3640  usbehci - ok
12:36:51.0156 3640  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:36:51.0281 3640  usbhub - ok
12:36:51.0312 3640  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:36:51.0421 3640  usbprint - ok
12:36:51.0453 3640  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:36:51.0578 3640  usbscan - ok
12:36:51.0593 3640  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:36:51.0718 3640  USBSTOR - ok
12:36:51.0796 3640  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:36:51.0921 3640  usbuhci - ok
12:36:51.0921 3640  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
12:36:52.0031 3640  VgaSave - ok
12:36:52.0062 3640  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:36:52.0203 3640  viaagp - ok
12:36:52.0234 3640  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
12:36:52.0343 3640  ViaIde - ok
12:36:52.0375 3640  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
12:36:52.0500 3640  VolSnap - ok
12:36:52.0546 3640  [ 68F106273BE29E7B7EF8266977268E78 ] VSS            C:\WINDOWS\System32\vssvc.exe
12:36:52.0687 3640  VSS - ok
12:36:52.0718 3640  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time        C:\WINDOWS\system32\w32time.dll
12:36:52.0843 3640  w32time - ok
12:36:52.0859 3640  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:36:52.0984 3640  Wanarp - ok
12:36:52.0984 3640  WDICA - ok
12:36:53.0031 3640  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:36:53.0171 3640  wdmaud - ok
12:36:53.0203 3640  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient      C:\WINDOWS\System32\webclnt.dll
12:36:53.0359 3640  WebClient - ok
12:36:53.0406 3640  [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:36:53.0453 3640  winachsf - ok
12:36:53.0578 3640  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
12:36:53.0750 3640  winmgmt - ok
12:36:53.0843 3640  [ 22516ED8E0D89323D4E0D9CCC2848819 ] WLANKEEPER      C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
12:36:53.0859 3640  WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning
12:36:53.0859 3640  WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
12:36:53.0890 3640  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:36:54.0015 3640  WmdmPmSN - ok
12:36:54.0078 3640  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi            C:\WINDOWS\System32\advapi32.dll
12:36:54.0140 3640  Wmi - ok
12:36:54.0171 3640  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi        C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:36:54.0281 3640  WmiAcpi - ok
12:36:54.0328 3640  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:36:54.0453 3640  WmiApSrv - ok
12:36:54.0562 3640  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc  C:\Programme\Windows Media Player\WMPNetwk.exe
12:36:54.0625 3640  WMPNetworkSvc - ok
12:36:54.0671 3640  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL        C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:36:54.0812 3640  WS2IFSL - ok
12:36:54.0859 3640  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:36:54.0968 3640  wscsvc - ok
12:36:55.0000 3640  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:36:55.0140 3640  WSTCODEC - ok
12:36:55.0156 3640  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:36:55.0265 3640  wuauserv - ok
12:36:55.0312 3640  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:36:55.0375 3640  WudfPf - ok
12:36:55.0406 3640  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:36:55.0421 3640  WudfRd - ok
12:36:55.0437 3640  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc        C:\WINDOWS\System32\WUDFSvc.dll
12:36:55.0484 3640  WudfSvc - ok
12:36:55.0546 3640  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:36:55.0671 3640  WZCSVC - ok
12:36:55.0718 3640  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
12:36:55.0843 3640  xmlprov - ok
12:36:55.0859 3640  ================ Scan global ===============================
12:36:55.0890 3640  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
12:36:55.0953 3640  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:36:55.0953 3640  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
12:36:55.0968 3640  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
12:36:55.0968 3640  [Global] - ok
12:36:55.0984 3640  ================ Scan MBR ==================================
12:36:56.0000 3640  [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
12:36:56.0312 3640  \Device\Harddisk0\DR0 - ok
12:36:56.0312 3640  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR5
12:36:56.0437 3640  \Device\Harddisk1\DR5 - ok
12:36:56.0437 3640  ================ Scan VBR ==================================
12:36:56.0437 3640  [ A2FD57E384E3BDAB42CA942C0127AAF7 ] \Device\Harddisk0\DR0\Partition1
12:36:56.0437 3640  \Device\Harddisk0\DR0\Partition1 - ok
12:36:56.0453 3640  [ 100451F8A5D73907789C377AB0450022 ] \Device\Harddisk1\DR5\Partition1
12:36:56.0453 3640  \Device\Harddisk1\DR5\Partition1 - ok
12:36:56.0453 3640  ============================================================
12:36:56.0453 3640  Scan finished
12:36:56.0453 3640  ============================================================
12:36:56.0562 1284  Detected object count: 25
12:36:56.0562 1284  Actual detected object count: 25
12:37:44.0671 1284  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284  APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284  APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284  drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284  drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284  drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284  drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284  DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284  DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0671 1284  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0671 1284  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284  JMP License Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284  JMP License Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284  omci ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284  omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284  Packet ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284  Packet ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0687 1284  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0687 1284  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284  S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284  S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284  s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284  s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284  sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284  sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284  ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284  ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0703 1284  tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0703 1284  tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284  tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284  tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284  tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284  tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284  tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284  tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284  tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0718 1284  tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0718 1284  tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284  tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284  tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284  tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284  tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284  tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284  tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284  tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:37:44.0734 1284  WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:44.0734 1284  WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 19.09.2012 16:04
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

snoop999 19.09.2012 21:04
Combofix Logfile:
Code:
ComboFix 12-09-18.07 - xxx 19.09.2012  21:53:38.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1471 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\xxx\4.0
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-19 bis 2012-09-19  ))))))))))))))))))))))))))))))
.
.
2012-09-16 17:39 . 2012-09-16 17:39        --------        d-----w-        C:\_OTL
2012-09-13 08:45 . 2012-09-13 08:45        --------        d-----w-        c:\programme\Gemeinsame Dateien\Skype
2012-09-13 08:45 . 2012-09-13 08:45        --------        d-----r-        c:\programme\Skype
2012-09-05 08:15 . 2012-09-05 08:15        --------        d-----w-        c:\programme\ESET
2012-09-02 14:47 . 2012-09-02 14:47        --------        d-----w-        c:\dokumente und einstellungen\xxx\SystemRequirementsLab
2012-08-31 22:05 . 2012-08-31 22:05        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Sun
2012-08-31 08:06 . 2012-08-31 08:05        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-31 08:05 . 2012-08-31 08:05        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-08-29 17:14 . 2012-08-29 17:14        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-08-29 17:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-09-12 08:16        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-08-29 17:14 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-29 15:57 . 2012-08-29 16:00        --------        d-----w-        c:\programme\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 08:05 . 2010-05-13 17:12        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-31 08:05 . 2007-05-17 08:26        143872        ----a-w-        c:\windows\system32\javacpl.cpl
2012-08-22 18:52 . 2012-06-23 13:00        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-22 18:52 . 2011-05-16 07:22        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2004-08-13 12:40        78336        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-13 12:51        139784        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2004-08-13 12:40        1866240        ----a-w-        c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-13 12:40        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-13 12:40        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-13 12:40        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-13 12:40        385024        ------w-        c:\windows\system32\html.iec
2012-09-07 09:48 . 2012-09-07 09:48        266720        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Corel Photo Downloader"=c:\programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
"PCMService"="c:\programme\Dell\MediaDirect\PCMService.exe"
"CTSVolFE.exe"="c:\programme\Creative\Mixer\CTSVolFE.exe" /r
"dla"=c:\windows\system32\dla\tfswctrl.exe
"nwiz"=nwiz.exe /installquiet
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SigmatelSysTrayApp"=stsystra.exe
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\VistaCodecPack\\filters\\ac3config.exe"=
"c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Programme\\Mirc\\mirc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.07.2012 13:14 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.07.2012 13:14 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [20.07.2012 13:14 465360]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.09.2012 00:05 399432]
S2 gupdate1c9e3af68a3f28e;Google Update Service (gupdate1c9e3af68a3f28e);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [29.08.2012 19:14 676936]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.06.2012 15:00 250568]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.08.2012 19:14 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [18.07.2012 00:55 114144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [13.08.2004 14:40 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 18:52]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN01893581694779-1079&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=1405ac500000000000000019d27abaa5&q=
FF - user.js: extensions.zonealarm.id - 1405ac500000000000000019d27abaa5
FF - user.js: extensions.zonealarm.instlDay - 15512
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.420:05
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN01893581694779-1079
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-19 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(1760)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-09-19  22:01:03
ComboFix-quarantined-files.txt  2012-09-19 20:01
.
Vor Suchlauf: 15 Verzeichnis(se), 36.994.969.600 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 37.169.143.808 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8CD76E972F682706D156AF0F67628DAA
--- --- ---

cosinus 20.09.2012 11:37
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - http://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN01893581694779-1079&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=1405ac500000000000000019d27abaa5&q=
FF - user.js: extensions.zonealarm.id - 1405ac500000000000000019d27abaa5
FF - user.js: extensions.zonealarm.instlDay - 15512
FF - user.js: extensions.zonealarm.vrsn - 1.5.24.4
FF - user.js: extensions.zonealarm.vrsni - 1.5.24.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.24.420:05
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN01893581694779-1079
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

snoop999 20.09.2012 12:51
Combofix Logfile:
Code:
ComboFix 12-09-18.07 - xxx 20.09.2012  13:40:48.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1502 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\xxx\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-20 bis 2012-09-20  ))))))))))))))))))))))))))))))
.
.
2012-09-16 17:39 . 2012-09-16 17:39        --------        d-----w-        C:\_OTL
2012-09-13 08:45 . 2012-09-13 08:45        --------        d-----w-        c:\programme\Gemeinsame Dateien\Skype
2012-09-13 08:45 . 2012-09-13 08:45        --------        d-----r-        c:\programme\Skype
2012-09-05 08:15 . 2012-09-05 08:15        --------        d-----w-        c:\programme\ESET
2012-09-02 14:47 . 2012-09-02 14:47        --------        d-----w-        c:\dokumente und einstellungen\xxx\SystemRequirementsLab
2012-08-31 22:05 . 2012-08-31 22:05        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Sun
2012-08-31 08:06 . 2012-08-31 08:05        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-31 08:05 . 2012-08-31 08:05        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-08-29 17:14 . 2012-08-29 17:14        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-08-29 17:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-29 17:14 . 2012-09-12 08:16        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-08-29 17:14 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-29 15:57 . 2012-08-29 16:00        --------        d-----w-        c:\programme\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 08:05 . 2010-05-13 17:12        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-08-31 08:05 . 2007-05-17 08:26        143872        ----a-w-        c:\windows\system32\javacpl.cpl
2012-08-22 18:52 . 2012-06-23 13:00        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-22 18:52 . 2011-05-16 07:22        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2004-08-13 12:40        78336        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-13 12:51        139784        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2004-08-13 12:40        1866240        ----a-w-        c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2004-08-13 12:40        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2004-08-13 12:40        43520        ------w-        c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2004-08-13 12:40        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-13 12:40        385024        ------w-        c:\windows\system32\html.iec
2012-09-07 09:48 . 2012-09-07 09:48        266720        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-09-19_19.58.53  )))))))))))))))))))))))))))))))))))))))))
.
- 2012-09-19 19:11 . 2012-09-19 19:11        16384              c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2012-09-20 06:03 . 2012-09-20 06:03        16384              c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2007-03-19 21:21 . 2012-09-20 08:54        99653              c:\windows\system32\nvModes.dat
- 2007-03-19 21:21 . 2012-09-19 12:01        99653              c:\windows\system32\nvModes.dat
+ 2012-09-20 06:39 . 2012-09-20 06:39        22016              c:\windows\Installer\20f362.msi
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Corel Photo Downloader"=c:\programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
"PCMService"="c:\programme\Dell\MediaDirect\PCMService.exe"
"CTSVolFE.exe"="c:\programme\Creative\Mixer\CTSVolFE.exe" /r
"dla"=c:\windows\system32\dla\tfswctrl.exe
"nwiz"=nwiz.exe /installquiet
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SigmatelSysTrayApp"=stsystra.exe
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\VistaCodecPack\\filters\\ac3config.exe"=
"c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Programme\\Mirc\\mirc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [20.07.2012 13:14 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.07.2012 13:14 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [20.07.2012 13:14 465360]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [12.09.2012 00:05 399432]
S2 gupdate1c9e3af68a3f28e;Google Update Service (gupdate1c9e3af68a3f28e);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [29.08.2012 19:14 676936]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.06.2012 15:00 250568]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [02.06.2009 20:24 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.08.2012 19:14 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [18.07.2012 00:55 114144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [13.08.2004 14:40 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 18:52]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-02 18:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\g9pmis6d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-20 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(2020)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3268)
c:\programme\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\JBNSHK.dll
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\CTIntrfc.dll
c:\programme\Creative\Creative Zen Touch\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-09-20  13:49:03
ComboFix-quarantined-files.txt  2012-09-20 11:49
ComboFix2.txt  2012-09-19 20:01
.
Vor Suchlauf: 16 Verzeichnis(se), 37.116.276.736 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 37.087.072.256 Bytes frei
.
- - End Of File - - 990AC9C114BB82BBA53671988ACE72C5
--- --- ---

cosinus 20.09.2012 19:28
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

snoop999 20.09.2012 23:27
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-21 00:24:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC74P
Running: 3uxn2hrl.exe; Driver: C:\DOKUME~1\xxx\LOKALE~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            BA6B7F84                                            ZwClose
SSDT            BA6B7F3E                                            ZwCreateKey
SSDT            BA6B7F8E                                            ZwCreateSection
SSDT            BA6B7F34                                            ZwCreateThread
SSDT            BA6B7F43                                            ZwDeleteKey
SSDT            BA6B7F4D                                            ZwDeleteValueKey
SSDT            BA6B7F7F                                            ZwDuplicateObject
SSDT            BA6B7F52                                            ZwLoadKey
SSDT            BA6B7F20                                            ZwOpenProcess
SSDT            BA6B7F25                                            ZwOpenThread
SSDT            BA6B7FA7                                            ZwQueryValueKey
SSDT            BA6B7F5C                                            ZwReplaceKey
SSDT            BA6B7F98                                            ZwRequestWaitReplyPort
SSDT            BA6B7F57                                            ZwRestoreKey
SSDT            BA6B7F93                                            ZwSetContextThread
SSDT            BA6B7F9D                                            ZwSetSecurityObject
SSDT            BA6B7F48                                            ZwSetValueKey
SSDT            BA6B7FA2                                            ZwSystemDebugControl
SSDT            BA6B7F2F                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys            section is writeable [0xB95DA380, 0x21FC8D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer  tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer  tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer      tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer    tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer  tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Cdfs \Cdfs                              tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:37:18 on 21.09.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"Auto Internet Protocol" (Packet) - "SingleClick Systems" - C:\WINDOWS\System32\DRIVERS\packet.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys
"drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys
"DSproct" (DSproct) - "GTek Technologies Ltd." - C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"OMCI WDM Device Driver" (omci) - "Dell Inc" - C:\WINDOWS\System32\DRIVERS\omci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"pxtdypog" (pxtdypog) - ? - C:\DOKUME~1\xxx\LOKALE~1\Temp\pxtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys
"tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys
"tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys
"tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys
"tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys
"tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys
"tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys
"tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys
"tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys
"tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Programme\VistaCodecPack\filters\mmfinfo.dll  (File found, but it contains no detailed information)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -  (File not found | COM-object registry key not found)
{A68865DD-EE3C-4442-9BE9-1BAB2576E3FA} "NOMAD Explorer" - "Creative Technology Ltd" - C:\Programme\Creative\Creative Zen Touch\NOMAD Explorer\CTJBNS.DLL
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Programme\LibreOffice 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\WINDOWS\Downloaded Program Files\gp.ocx / hxxp://www.adobe.com/products/acrobat/nos/gp.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://snoop999.spaces.live.com//PhotoUpload/MsnPUpld.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342088690281
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} "Windows Live Photo Upload Control" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll / hxxp://snoop999.spaces.live.com/PhotoUpload/MsnPUpld.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Programme\BAE\BAE.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start
"OpwareSE2" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\WINDOWS\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Advanced Networking Service" (hnmsvc) - "SingleClick Systems" - C:\Programme\Dell Network Assistant\hnm_svc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll
"Google Update Service (gupdate1c9e3af68a3f28e)" (gupdate1c9e3af68a3f28e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) - "Intel(R) Corporation" - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jqs.exe
"JMP License Service" (JMP License Service) - "SAS Institute Inc." - C:\Programme\Gemeinsame Dateien\SAS Institute Inc Shared\Service\JMPLicSvc.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

[/code]

Ich hatte beim Booten eine Meldung, die ich noch nicht kannte: noch vor dem Öffnen des Benutzerkontos mit Passwort fand ich den Hinweis, dass es in diesem Benutzerkonto eine ungelesene Mail gibt (was auch stimmte). Hat das mit den Aktionen zu tun, die ich bereits gemacht habe? Und der IE ist wieder als Standardbrowser eingestellt, was bei den aktuellen Meldungen nicht meine erste Wahl ist.

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 00:43:02
-----------------------------
00:43:02.718    OS Version: Windows 5.1.2600 Service Pack 3
00:43:02.718    Number of processors: 2 586 0xF06
00:43:02.718    ComputerName: MOBIL  UserName:
00:43:03.500    Initialize success
01:02:18.136    AVAST engine defs: 12092001
01:03:15.202    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:03:15.202    Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
01:03:15.295    Disk 0 MBR read successfully
01:03:15.295    Disk 0 MBR scan
01:03:15.342    Disk 0 unknown MBR code
01:03:15.389    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      78 MB offset 63
01:03:15.405    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147416 MB offset 160650
01:03:15.420    Disk 0 Partition - 00    0F Extended LBA              2047 MB offset 302086260
01:03:15.483    Disk 0 Partition 3 00    DB  CP/M / CTOS Dell 8.0    3074 MB offset 306279225
01:03:15.561    Disk 0 Partition 4 00    DD              MSDOS5.0    2047 MB offset 302086323
01:03:15.608    Disk 0 scanning sectors +312576705
01:03:15.889    Disk 0 scanning C:\WINDOWS\system32\drivers
01:04:25.466    Service scanning
01:04:52.325    Modules scanning
01:05:50.591    Disk 0 trace - called modules:
01:05:50.622    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
01:05:50.622    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a755ab8]
01:05:50.622    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a7c5510]
01:05:50.622    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7c4940]
01:05:51.263    AVAST engine scan C:\WINDOWS
01:06:09.528    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat"
01:06:09.528    The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 11:11:28
-----------------------------
11:11:28.953    OS Version: Windows 5.1.2600 Service Pack 3
11:11:28.953    Number of processors: 2 586 0xF06
11:11:28.953    ComputerName: MOBIL  UserName:
11:11:29.781    Initialize success
11:11:48.968    AVAST engine defs: 12092001
11:11:59.218    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:11:59.218    Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
11:11:59.265    Disk 0 MBR read successfully
11:11:59.265    Disk 0 MBR scan
11:11:59.375    Disk 0 unknown MBR code
11:11:59.375    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      78 MB offset 63
11:11:59.421    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147416 MB offset 160650
11:11:59.453    Disk 0 Partition - 00    0F Extended LBA              2047 MB offset 302086260
11:11:59.468    Disk 0 Partition 3 00    DB  CP/M / CTOS Dell 8.0    3074 MB offset 306279225
11:11:59.562    Disk 0 Partition 4 00    DD              MSDOS5.0    2047 MB offset 302086323
11:11:59.703    Disk 0 scanning sectors +312576705
11:11:59.921    Disk 0 scanning C:\WINDOWS\system32\drivers
11:12:44.796    Service scanning
11:13:14.609    Modules scanning
11:13:43.187    Disk 0 trace - called modules:
11:13:43.218    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:13:43.218    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7beab8]
11:13:43.234    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a792f18]
11:13:43.234    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7b2d98]
11:13:43.953    AVAST engine scan C:\WINDOWS
11:14:00.187    AVAST engine scan C:\WINDOWS\system32
11:18:31.640    AVAST engine scan C:\WINDOWS\system32\drivers
11:18:57.921    AVAST engine scan C:\Dokumente und Einstellungen\xxx
11:24:15.593    File: C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads\incredimail_install.exe  **INFECTED** Win32:Adware-gen [Adw]
11:37:14.078    AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:38:52.781    Scan finished successfully
11:39:14.078    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat"
11:39:14.125    The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.txt"

cosinus 21.09.2012 14:57
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

snoop999 21.09.2012 18:31
Nach der Datensicherung???

ah ok, das habe ich schon erledigt, ich mache FixMBR.

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 19:39:17
-----------------------------
19:39:17.296    OS Version: Windows 5.1.2600 Service Pack 3
19:39:17.296    Number of processors: 2 586 0xF06
19:39:17.296    ComputerName: MOBIL  UserName:
19:39:18.125    Initialize success
19:39:34.656    AVAST engine defs: 12092001
19:39:38.140    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:39:38.140    Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
19:39:38.156    Disk 0 MBR read successfully
19:39:38.156    Disk 0 MBR scan
19:39:38.187    Disk 0 Windows XP default MBR code
19:39:38.187    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      78 MB offset 63
19:39:38.218    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      147416 MB offset 160650
19:39:38.218    Disk 0 Partition - 00    0F Extended LBA              2047 MB offset 302086260
19:39:38.250    Disk 0 Partition 3 00    DB  CP/M / CTOS Dell 8.0    3074 MB offset 306279225
19:39:38.281    Disk 0 Partition 4 00    DD              MSDOS5.0    2047 MB offset 302086323
19:39:38.281    Disk 0 scanning sectors +312576705
19:39:38.421    Disk 0 scanning C:\WINDOWS\system32\drivers
19:39:55.078    Service scanning
19:40:23.843    Modules scanning
19:40:31.890    Disk 0 trace - called modules:
19:40:31.921    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:40:31.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7c4ab8]
19:40:31.921    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a7a2510]
19:40:31.921    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7c7940]
19:40:32.859    AVAST engine scan C:\WINDOWS
19:40:45.343    AVAST engine scan C:\WINDOWS\system32
19:44:06.640    AVAST engine scan C:\WINDOWS\system32\drivers
19:44:30.671    AVAST engine scan C:\Dokumente und Einstellungen\xxx
19:48:03.578    File: C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads\incredimail_install.exe  **INFECTED** Win32:Adware-gen [Adw]
19:59:16.718    AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:00:52.718    Scan finished successfully
20:04:23.343    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\MBR.dat"
20:04:23.343    The log file has been saved successfully to "C:\Dokumente und Einstellungen\xxx\Desktop\aswMBR.txt"


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:10 Uhr.
Seite 3 von 4 12 3 4
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131