Trojaner-Board - Webseite kann nicht angezeigt werden

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Webseite kann nicht angezeigt werden (https://www.trojaner-board.de/124286-webseite-angezeigt.html)

Webseite kann nicht angezeigt werden

Habe ein Problem, dasss hier augenscheinlich schon diskutiert wurde, Beim Besuch einer schönen Internetseite musste ich einen plötzlichen Abbruch verzeichnen. Beim Neustart taucht nur (zu kurz) der Desktop auf, Task-Manager kommt auch nur kurz. Rechner ist im abgesicherten Modus (mit Netzwerk?) hoch gefahren. Virenscanner (Avast) findet aber nichts...

Was ist zu tun?

OTL schmeißt nur ein Textfile aus:OTL Logfile:

Code:

OTL logfile created on: 18.9.2012 22:22:20 - Run 4

OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,94 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 79,80% Memory free

4,79 Gb Paging File | 4,36 Gb Available in Paging File | 91,12% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 89,43 Gb Total Space | 74,60 Gb Free Space | 83,42% Space Free | Partition Type: NTFS

 

Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2012.04.23 21:06:09 | 000,114,240 | ---- | M] (TODO: <Company name>) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe

PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe

PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe

PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe

PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe

PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009.01.16 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe

PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2009.01.16 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe

PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.18 10:09:22 | 001,810,944 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091801\algo.dll

MOD - [2012.08.21 09:21:38 | 001,802,240 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12082100\algo.dll

MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2010.07.30 19:05:28 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll

MOD - [2009.04.29 21:07:00 | 000,148,816 | ---- | M] () -- C:\Programme\McAfee\VirusScan Enterprise\vsevntui.dll

MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll

MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.04.23 21:06:09 | 000,114,240 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)

SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)

SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)

SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)

SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\User\LOKALE~1\Temp\fflciuob.sys -- (fflciuob)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)

DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)

DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)

DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)

DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)

DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)

DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)

DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)

DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)

DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)

DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ewe.de/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ewe.de/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

 

[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions

[2012.08.05 11:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions

[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi

[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml

[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.com/

CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

 

O1 HOSTS File: ([2001.08.23 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKCU..\Run: [uslzggirrwpdthg] C:\WINDOWS\uslzggir.exe ()

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\laucher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google

[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus

[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

[2012.09.18 20:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE

[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv

[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.18 21:57:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.18 21:57:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 21:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.09.18 21:09:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job

[2012.09.18 20:55:12 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:31:21 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.09.18 20:31:21 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.09.18 20:31:21 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.09.18 20:31:21 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.09.18 20:26:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\WINDOWS\uslzggir.exe

[2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe

[2012.09.18 19:51:08 | 000,080,896 | ---- | M] () -- C:\Dokumente und Einstellungen\User\ms.exe

[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:17 | 000,080,896 | ---- | C] () -- C:\WINDOWS\uslzggir.exe

[2012.09.18 19:51:17 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe

[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.09.18 19:51:06 | 000,080,896 | ---- | C] () -- C:\Dokumente und Einstellungen\User\ms.exe

[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin

[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin

[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin

[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

 
 ========== ZeroAccess Check ==========

 

[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 
 ========== LOP Check ==========

 

[2012.09.18 20:47:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

[2012.09.18 19:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv

[2012.04.23 21:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\DefaultTab

[2012.04.25 08:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\FinalMediaPlayer

[2012.03.12 17:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Synaptics

[2012.09.18 20:55:12 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

[2012.09.18 21:09:02 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

GMER Logfile:

Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover

Rootkit scan 2012-09-18 22:38:57

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00

Running: dru1shox.exe; Driver: C:\DOKUME~1\User\LOKALE~1\Temp\fflciuob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwAllocateVirtualMemory [0xA60297C8]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwClose [0xA60353B4]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwCreateKey [0xA60354AC]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwCreateSection [0xA6029BBA]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwDeleteKey [0xA6035240]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwDeleteValueKey [0xA6035148]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwDuplicateObject [0xA6034808]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwFreeVirtualMemory [0xA60298AC]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwOpenKey [0xA6034CE0]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwOpenProcess [0xA603470C]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwOpenThread [0xA603478A]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwProtectVirtualMemory [0xA6029A2C]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwQueryValueKey [0xA6034D7E]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwRenameKey [0xA603530E]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwRestoreKey [0xA60355E6]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwSetValueKey [0xA6034F7C]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwTerminateProcess [0xA6029AF6]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwWriteVirtualMemory [0xA6029962]
 

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwCreateProcessEx [0xA6041966]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwLoadDriver [0xA60418C4]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ObInsertObject

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ObMakeTemporaryObject
 

---- Kernel code sections - GMER 1.0.15 ----
 

PAGE            ntoskrnl.exe!ObInsertObject                                                                                            8056DA64 5 Bytes  JMP A6040320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                         8059056D 7 Bytes  JMP A604196A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE            ntoskrnl.exe!ZwLoadDriver                                                                                              805AEDE2 7 Bytes  JMP A60418C8 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                     805E74E6 5 Bytes  JMP A603E806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] ntdll.dll!RtlDosSearchPath_U + 1D1                                 7C9271CA 1 Byte  [62]

.text           C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] kernel32.dll!GetBinaryTypeW + 80                                   7C868D8C 1 Byte  [62]

.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] ntdll.dll!RtlDosSearchPath_U + 1D1                                7C9271CA 1 Byte  [62]

.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] kernel32.dll!SetUnhandledExceptionFilter                          7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }

.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] kernel32.dll!GetBinaryTypeW + 80                                  7C868D8C 1 Byte  [62]

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!LdrLoadDll                   7C9263C3 5 Bytes  JMP 001501F8 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1     7C9271CA 1 Byte  [62]

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ntdll.dll!LdrUnloadDll                 7C92738B 5 Bytes  JMP 001503FC 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] kernel32.dll!GetBinaryTypeW + 80       7C868D8C 1 Byte  [62]

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!SetServiceObjectSecurity  77E06D81 5 Bytes  JMP 003E1014 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfigA      77E06E69 5 Bytes  JMP 003E0804 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfigW      77E07001 5 Bytes  JMP 003E0A08 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfig2A     77E07101 5 Bytes  JMP 003E0C0C 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!ChangeServiceConfig2W     77E07189 5 Bytes  JMP 003E0E10 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!CreateServiceA            77E07211 5 Bytes  JMP 003E01F8 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!CreateServiceW            77E073A9 5 Bytes  JMP 003E03FC 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] ADVAPI32.dll!DeleteService             77E074B1 5 Bytes  JMP 003E0600 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWindowsHookExW           7E37820F 5 Bytes  JMP 003F0804 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!UnhookWindowsHookEx         7E37D5F3 5 Bytes  JMP 003F0A08 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWindowsHookExA           7E381211 5 Bytes  JMP 003F0600 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!SetWinEventHook             7E3817F7 5 Bytes  JMP 003F01F8 

.text           C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\dru1shox.exe[3612] USER32.dll!UnhookWinEvent              7E3818AC 5 Bytes  JMP 003F03FC 
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]          00770002

IAT             C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                00770000

IAT             C:\Programme\AVAST Software\Avast\AvastUI.exe[3328] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]     [64C8F6D0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

IAT             C:\Programme\AVAST Software\Avast\AvastSvc.exe[3596] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]    [64C8F6D0] C:\Programme\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                                 aswSP.SYS (avast! self protection module/AVAST Software)
 

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                              AswRdr.SYS (avast! TDI Redirect Driver/AVAST Software)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Hi,

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die End Nutzer Lizenz.
Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls was schief geht.
Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.

Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Vielen Dank schon einmal für die schnelle Antwort: Log-Datei anbeiCombofix Logfile:

Code:

ComboFix 12-09-18.07 - User 19.09.2012  17:47:38.2.4 - x86 DSREPAIR

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3014.2565 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\User\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Vorheriger Suchlauf -------

.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\uslzggir.exe

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\addon.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\amazon_ie.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\bing.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabStart.exe

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabWrap.dll

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DT.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DTUpdate.exe

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\facebook_ie.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\google.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\search_here_ie.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\searchhere.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\twitter_ie.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\update.exe

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\wikipedia_ie.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\yahoo.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\yahoo_ie.ico

c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\youtube_ie.ico

c:\dokumente und einstellungen\User\Lokale Einstellungen\Temporary Internet Files\PMH1D.tmp

c:\dokumente und einstellungen\User\ms.exe

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_DefaultTabUpdate

-------\Legacy_DefaultTabUpdate

-------\Service_DefaultTabUpdate

-------\Service_DefaultTabUpdate

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-08-19 bis 2012-09-19  ))))))))))))))))))))))))))))))

.

.

2012-09-19 15:43 . 2012-09-19 15:43        --------        d-----w-        C:\avast! sandbox

2012-09-18 17:51 . 2012-09-18 17:51        --------        d-----w-        C:\QUARANTINE

2012-09-18 17:51 . 2012-09-18 17:51        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv

2012-09-18 17:51 . 2012-09-18 17:51        80896        ----a-w-        c:\windows\uslzggir.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 17:58 . 2012-04-16 19:54        136672        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-06-02 . 81D2A1B309552DBBB88D1A041CB4A620 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:12        121528        ----a-w-        c:\programme\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uslzggirrwpdthg"="c:\windows\uslzggir.exe" [2012-09-18 80896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-04-18 2209064]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]

"QLBController"="c:\programme\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]

"HPConnectionManager"="c:\programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]

"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 636256]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.9.2012 20:47 355632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.9.2012 20:47 21256]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe [21.5.2011 17:52 103992]

R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [13.5.2011 22:00 317496]

R2 McAfeeEngineService;McAfee Engine Service;c:\programme\McAfee\VirusScan Enterprise\engineserver.exe [25.8.2010 21:07 22816]

R2 NetWatch;NetWatch;c:\programme\Netwatch\NetWatch.exe [12.3.2012 19:58 45056]

R2 WMCoreService;Mobile Broadband Service;c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]

R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [21.4.2009 22:13 113664]

R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [21.12.2010 01:27 174248]

R3 h36wgps;HP  Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [12.3.2012 19:32 87592]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 11:31 44800]

R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [15.10.2010 01:29 260864]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [8.3.2011 11:25 144984]

R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [9.2.2011 14:26 23640]

R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [12.3.2012 19:32 122824]

R3 Mbm4mdfl;HP  Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [12.3.2012 19:32 14920]

R3 Mbm4mdm;HP  Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [12.3.2012 19:32 138952]

R3 Mbm4mgmt;HP  Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [12.3.2012 19:32 132808]

R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [12.3.2012 19:32 24904]

R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [12.3.2012 19:32 149960]

R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [19.10.2010 16:33 41088]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.9.2012 20:47 729752]

S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12.3.2012 18:33 69192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.4.2012 13:14 253088]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [23.5.2011 12:45 1098296]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12.3.2012 18:33 66536]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 22:50 113120]

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:14]

.

2012-09-19 c:\windows\Tasks\avast! Emergency Update.job

- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12]

.

2012-09-19 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-04-23 12:24]

.

2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]

.

2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.ewe.de/

mStart Page = hxxp://www.ewe.de/

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: ewe.de\gate

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\DefaultTabBHO.dll

AddRemove-DefaultTab - c:\dokumente und einstellungen\User\Anwendungsdaten\DefaultTab\DefaultTab\uninstalldt.exe

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-09-19 17:49

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-09-19  17:50:15

ComboFix-quarantined-files.txt  2012-09-19 15:50

.

Vor Suchlauf: 12 Verzeichnis(se), 80.407.101.440 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 80.354.152.448 Bytes frei

.

- - End Of File - - 819C873A4ACFD1E7541CF78CE2F2EE47

--- --- ---

Hochfahren ist übrigens nur mit Verzeichniswiederherstellung im abgesicherten Modus möglich.

Hi,

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

Folder::

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv
 

File::

c:\windows\uslzggir.exe
 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uslzggirrwpdthg"=-

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

http://i266.photobucket.com/albums/i.../CFScriptB.gif

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

:filefind sfcfiles.dll
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Downloade dir bitte Farbar's Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Combofix Logfile:

Code:

ComboFix 12-09-18.07 - User 19.09.2012  20:39:47.3.4 - x86 DSREPAIR

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3014.2601 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\User\Eigene Dateien\Downloads\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\User\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

.

FILE ::

"c:\windows\uslzggir.exe"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\btn-green.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners-btn.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners1.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners2.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners3.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\corners4.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\de-flag.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\de-image.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\ie6-7.css

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\jquery.main.js

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\McAfee.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\pays-de.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\steps-de.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\steps-en.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\style.css

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\tabs.png

c:\dokumente und einstellungen\All Users\Anwendungsdaten\nhrzyxozrhiqapv\wait.html

c:\windows\uslzggir.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-08-19 bis 2012-09-19  ))))))))))))))))))))))))))))))

.

.

2012-09-19 15:43 . 2012-09-19 15:43        --------        d-----w-        C:\avast! sandbox

2012-09-18 17:51 . 2012-09-18 17:51        --------        d-----w-        C:\QUARANTINE

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 17:58 . 2012-04-16 19:54        136672        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-06-02 . 81D2A1B309552DBBB88D1A041CB4A620 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:12        121528        ----a-w-        c:\programme\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-04-18 2209064]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-21 737280]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 141656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 181592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 165720]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"McAfeeUpdaterUI"="c:\programme\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]

"QLBController"="c:\programme\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]

"HPConnectionManager"="c:\programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]

"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 636256]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.9.2012 20:47 355632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.9.2012 20:47 21256]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe [21.5.2011 17:52 103992]

R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [13.5.2011 22:00 317496]

R2 McAfeeEngineService;McAfee Engine Service;c:\programme\McAfee\VirusScan Enterprise\engineserver.exe [25.8.2010 21:07 22816]

R2 NetWatch;NetWatch;c:\programme\Netwatch\NetWatch.exe [12.3.2012 19:58 45056]

R2 WMCoreService;Mobile Broadband Service;c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode --> c:\programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe servicemode [?]

R3 AESTAud;IDT AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [21.4.2009 22:13 113664]

R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [21.12.2010 01:27 174248]

R3 h36wgps;HP  Mobile Broadband Module NMEA;c:\windows\system32\drivers\h36wgps.sys [12.3.2012 19:32 87592]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.7.2008 11:31 44800]

R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\drivers\IntcDAud.sys [15.10.2010 01:29 260864]

R3 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [9.2.2011 14:26 23640]

R3 Mbm4bus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\drivers\Mbm4bus.sys [12.3.2012 19:32 122824]

R3 Mbm4mdfl;HP  Mobile Broadband Module Data Modem Filter;c:\windows\system32\drivers\Mbm4mdfl.sys [12.3.2012 19:32 14920]

R3 Mbm4mdm;HP  Mobile Broadband Module Data Modem Driver;c:\windows\system32\drivers\Mbm4mdm.sys [12.3.2012 19:32 138952]

R3 Mbm4mgmt;HP  Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\drivers\Mbm4mgmt.sys [12.3.2012 19:32 132808]

R3 Mbm4NNd5;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter;c:\windows\system32\drivers\Mbm4NNd5.sys [12.3.2012 19:32 24904]

R3 Mbm4NUn;HP hs2340 HSPA+ Mobile Broadband Module Network Adapter (WDM);c:\windows\system32\drivers\Mbm4NUn.sys [12.3.2012 19:32 149960]

R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [19.10.2010 16:33 41088]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.9.2012 20:47 729752]

S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12.3.2012 18:33 69192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29.4.2012 13:14 253088]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.9.2012 20:47 136176]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [23.5.2011 12:45 1098296]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [8.3.2011 11:25 144984]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12.3.2012 18:33 66536]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [30.4.2012 22:50 113120]

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 11:14]

.

2012-09-19 c:\windows\Tasks\avast! Emergency Update.job

- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12]

.

2012-09-19 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-04-23 12:24]

.

2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]

.

2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-18 18:47]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.ewe.de/

mStart Page = hxxp://www.ewe.de/

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: ewe.de\gate

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\dokumente und einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-09-19 20:41

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1152)

c:\windows\system32\igfxdev.dll

.

Zeit der Fertigstellung: 2012-09-19  20:41:42

ComboFix-quarantined-files.txt  2012-09-19 18:41

ComboFix2.txt  2012-09-19 15:50

.

Vor Suchlauf: 12 Verzeichnis(se), 80.458.518.528 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 80.437.997.568 Bytes frei

.

- - End Of File - - CB4EBA64445E358DDE5B53DD1413760E

--- --- ---

SystemLook 30.07.11 by jpshortstuff
Log created at 20:48 on 19/09/2012 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [04:07 03/06/2009] [04:29 02/06/2009] 81D2A1B309552DBBB88D1A041CB4A620

-= EOF =-

Farbar Service Scanner Version: 19-09-2012
Ran by User (administrator) on 19-09-2012 at 20:50:56
Running from "C:\Dokumente und Einstellungen\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-06-03 06:05] - [2008-04-13 22:52] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-06-03 06:05] - [2008-04-13 22:52] - 0045568 ____A (Microsoft Corporation) 8C9ED3B2834AAE63081AB2DA831C6FE9

C:\WINDOWS\system32\ipnathlp.dll
[2009-06-03 06:06] - [2008-04-13 22:52] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

C:\WINDOWS\system32\netman.dll
[2009-06-03 06:06] - [2008-04-13 22:52] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-03 05:16] - [2008-04-13 22:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\srsvc.dll
[2009-06-03 05:17] - [2008-04-13 22:52] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

C:\WINDOWS\system32\Drivers\sr.sys
[2009-06-03 05:17] - [2008-04-13 22:32] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

C:\WINDOWS\system32\wscsvc.dll
[2009-06-03 06:07] - [2008-04-13 22:52] - 0080896 ____A (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-06-03 05:16] - [2008-04-13 22:52] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\wuauserv.dll
[2009-06-03 05:18] - [2008-04-13 22:52] - 0006656 ____A (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

C:\WINDOWS\system32\qmgr.dll
[2009-06-03 05:18] - [2008-04-13 22:52] - 0409088 ____A (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1

C:\WINDOWS\system32\es.dll
[2009-06-03 06:05] - [2008-07-07 22:26] - 0253952 ____A (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74

C:\WINDOWS\system32\cryptsvc.dll
[2009-06-03 06:05] - [2008-04-13 22:52] - 0062464 ____A (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D

C:\WINDOWS\system32\svchost.exe
[2009-06-03 06:07] - [2008-04-13 22:53] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

C:\WINDOWS\system32\rpcss.dll
[2009-06-03 06:07] - [2009-02-09 12:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B

C:\WINDOWS\system32\services.exe
[2009-06-03 06:07] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC

Extra List:
=======
aswTdi(10) Gpc(6) IPSec(4) mfetdik(9) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

Ich hoffe ich hab´s...

Lass bitte Systemlook nochmal laufen, diesmal:

:filefind
sfcfiles.*

SystemLook 30.07.11 by jpshortstuff
Log created at 21:32 on 19/09/2012 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.*"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [04:07 03/06/2009] [04:29 02/06/2009] 81D2A1B309552DBBB88D1A041CB4A620

-= EOF =-

Gruß
frglaner

geh mal bitte auf virustotal.com und lass folgende datei prüfen:

C:\WINDOWS\system32\sfcfiles.dll

und poste mir den link zum ergebnis.

Findest Du hier

https://www.virustotal.com/file/b17d72bb6d69cd74edced49ad9ae3fa621f2343547426f2a47f736fffdd855f6/analysis/1348085286/

gruß
frglaner

Sieht gut aus :)

Malwarebytes' Anti-Malware

Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:

Download von Malwarebytes' Anti-Malware

(nach dem scannen auf den Button klicken und Funde löschen lassen!)

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Und ein frisches OTL logfile bitte. Noch Probleme?

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: CNU2023M8L [Administrator]

Schutz: Aktiviert

19.9.2012 22:41:23
mbam-log-2012-09-19 (22-41-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214469
Laufzeit: 2 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\User\Desktop\VLCMediaPlayerSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\FinalMediaPlayer2011Setup.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\3C57D487-BAB0-7891-823C-006C65AD63A5\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\uslzggir.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\User\ms.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\uslzggir.exe.vir Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0011538.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0011558.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6A133E43-ADF4-4D4E-ABD3-BA4249936868}\RP135\A0012750.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined

OTL Logfile:

Code:

OTL logfile created on: 19.9.2012 23:11:49 - Run 6

OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,94 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 76,73% Memory free

4,79 Gb Paging File | 4,21 Gb Available in Paging File | 87,91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 89,43 Gb Total Space | 74,68 Gb Free Space | 83,51% Space Free | Partition Type: NTFS

 

Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

PRC - [2012.09.18 22:12:27 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL(1).exe

PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe

PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe

PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe

PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe

PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

MOD - [2012.09.19 11:33:07 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091900\algo.dll

MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll

MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll

MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll

MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)

SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)

SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)

SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)

DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)

DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)

DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)

DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)

DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)

DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)

DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)

DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)

DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)

DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)

DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200

IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"

FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2

FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0

FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]

 

[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com

[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi

[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml

[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml

[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: Babylon Search

CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

 

O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes

[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker

[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar

[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon

[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 17:43:11 | 000,000,000 | ---D | C] -- C:\avast! sandbox

[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung

[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google

[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus

[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE

[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.19 23:14:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.19 23:03:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.19 23:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.19 22:54:19 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.09.19 22:54:19 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.09.19 22:54:19 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.09.19 22:54:19 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.09.19 22:50:15 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.19 22:49:56 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job

[2012.09.19 22:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.09.19 22:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js

[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:27:38 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js

[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin

[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin

[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin

[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

 
 ========== ZeroAccess Check ==========

 

[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 

< End of report >

--- --- ---
Problemlage kann ich so nicht beurteilen. Hab auch ein bisschen den Überblick verloren.

Gruß

frglaner

OTL Logfile:

Code:

OTL logfile created on: 19.9.2012 23:11:49 - Run 6

OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,94 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 76,73% Memory free

4,79 Gb Paging File | 4,21 Gb Available in Paging File | 87,91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 89,43 Gb Total Space | 74,68 Gb Free Space | 83,51% Space Free | Partition Type: NTFS

 

Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

PRC - [2012.09.18 22:12:27 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL(1).exe

PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe

PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe

PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe

PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe

PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

MOD - [2012.09.19 11:33:07 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091900\algo.dll

MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll

MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll

MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll

MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)

SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)

SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)

SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)

DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)

DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)

DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)

DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)

DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)

DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)

DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)

DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)

DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)

DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)

DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200

IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"

FF - prefs.js..extensions.enabledAddons: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.2.2

FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0

FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]

 

[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com

[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi

[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml

[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml

[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: Babylon Search

CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

 

O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes

[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker

[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar

[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon

[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 17:43:11 | 000,000,000 | ---D | C] -- C:\avast! sandbox

[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung

[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google

[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus

[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE

[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.19 23:14:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.19 23:03:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.19 23:03:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.19 22:54:19 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.09.19 22:54:19 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.09.19 22:54:19 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.09.19 22:54:19 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.09.19 22:50:15 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.19 22:49:56 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job

[2012.09.19 22:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.09.19 22:42:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js

[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.08.21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:27:38 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js

[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin

[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin

[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin

[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

 
 ========== ZeroAccess Check ==========

 

[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 

< End of report >

--- --- ---

Problemlage kann ich so nicht beurteilen. Hab auch ein bisschen den Überblick verloren.

Gruß

frglaner

Hallo Schrauber,

Display bleibt jetzt blau nach dem Hochfahren (weißer Bildschirm mit ursprünglichem Eintrag "Webseite kann nicht..." erscheint nicht mehr). Task-Manager kann angesteuert werden. Sonst geht nix...

Gruß
frglaner

Bitte starte mal OTl, setze bei Extra Registrierung den Button auf Benutze Safe List und klick Scan, poste beide Logfiles.

Start > ausführen:

sfc /scannow

Also hier die Logs:OTL Logfile:

Code:

OTL logfile created on: 20.9.2012 16:04:12 - Run 7

OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free

4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS

 

Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe

PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe

PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe

PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe

PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.20 08:28:32 | 001,811,968 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12092000\algo.dll

MOD - [2012.09.19 22:28:30 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091901\algo.dll

MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll

MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll

MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll

MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)

SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)

SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)

SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)

DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)

DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)

DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)

DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)

DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)

DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)

DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)

DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)

DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)

DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)

DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200

IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]

 

[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com

[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi

[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml

[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml

[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: Babylon Search

CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

 

O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.6.108.140 212.6.108.141

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 212.6.108.140 212.6.108.141

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.19 23:40:33 | 000,000,000 | ---D | C] -- C:\avast! sandbox

[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes

[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker

[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar

[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon

[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung

[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google

[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus

[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE

[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.20 16:09:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.20 16:03:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.20 15:53:01 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.09.20 15:53:01 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.09.20 15:53:01 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.09.20 15:53:01 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.09.20 15:49:00 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.20 15:48:34 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.20 15:48:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job

[2012.09.20 15:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.09.20 07:15:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js

[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.20 15:48:48 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js

[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin

[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin

[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin

[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

 
 ========== ZeroAccess Check ==========

 

[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 20.9.2012 16:04:12 - Run 7

OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free

4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS

 

Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers

"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent

"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E0824C9B-F196-4667-8CE8-3A0B685B0820}" = HP HotKey Support

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"BabylonToolbar" = Babylon toolbar on IE

"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32

"ESET Online Scanner" = ESET Online Scanner v3

"FilesFrog Update Checker" = FilesFrog Update Checker

"FinalMediaPlayer_is1" = Final Media Player 2011

"Google Chrome" = Google Chrome

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PROPLUS" = Microsoft Office Professional Plus 2007

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Trusted Software Assistant_is1" = File Type Assistant

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ Application Events ]

Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ Application Events ]

Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 20.9.2012 01:16:18 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   aswSnx  aswTdi  mfehidk

 

Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 01:21:37 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001

Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst

 "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%31

 

Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001

Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust

 Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:

   %%1068

 

Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   aswSnx  aswTdi  mfehidk

 

Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

 

< End of report >

--- --- ---

Also hier die Logs:OTL Logfile:

Code:

OTL logfile created on: 20.9.2012 16:04:12 - Run 7

OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free

4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS

 

Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

PRC - [2012.09.18 21:48:21 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.08.05 19:58:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe

PRC - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) -- C:\Programme\Netwatch\NetWatch.exe

PRC - [2010.08.25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe

PRC - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe

PRC - [2009.01.16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe

PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

PRC - [2008.04.13 22:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.20 08:28:32 | 001,811,968 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12092000\algo.dll

MOD - [2012.09.19 22:28:30 | 001,811,456 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12091901\algo.dll

MOD - [2012.09.19 22:27:36 | 002,098,200 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll

MOD - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

MOD - [2012.09.06 07:25:54 | 000,467,968 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-14.0.1.dll

MOD - [2012.08.05 19:58:18 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2010.02.17 12:20:36 | 000,065,576 | R--- | M] () -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll

MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

MOD - [2009.01.16 17:00:00 | 000,057,344 | ---- | M] () -- C:\Programme\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll

MOD - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe

MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Programme\McAfee\Common Framework\cryptocme2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.09.19 22:27:36 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.08.05 19:58:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.29 13:14:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011.05.27 11:06:16 | 000,282,709 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2011.05.23 12:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011.05.21 17:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011.05.13 22:00:36 | 000,317,496 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2011.03.03 11:32:10 | 000,842,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Programme\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe -- (WMCoreService)

SRV - [2010.10.26 14:37:16 | 000,045,056 | ---- | M] (EWE Aktiengesellschaft) [Auto | Running] -- C:\Programme\Netwatch\NetWatch.exe -- (NetWatch)

SRV - [2010.08.25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2010.08.25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2010.08.25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2010.08.25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)

SRV - [2009.12.03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009.01.16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1e5132.sys -- (e1express)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\User\LOKALE~1\Temp\catchme.sys -- (catchme)

DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.05.27 11:06:16 | 001,970,726 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2011.05.13 21:51:18 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2011.03.08 11:25:58 | 000,144,984 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

DRV - [2011.02.28 15:24:02 | 000,087,592 | R--- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\h36wgps.sys -- (h36wgps)

DRV - [2011.02.11 14:46:36 | 000,149,960 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NUn.sys -- (Mbm4NUn)

DRV - [2011.02.11 14:46:36 | 000,138,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdm.sys -- (Mbm4mdm)

DRV - [2011.02.11 14:46:36 | 000,132,808 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mgmt.sys -- (Mbm4mgmt)

DRV - [2011.02.11 14:46:36 | 000,024,904 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4NNd5.sys -- (Mbm4NNd5)

DRV - [2011.02.11 14:46:34 | 000,122,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4bus.sys -- (Mbm4bus)

DRV - [2011.02.11 14:46:34 | 000,014,920 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mbm4mdfl.sys -- (Mbm4mdfl)

DRV - [2011.02.09 14:26:44 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)

DRV - [2011.01.06 14:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2011.01.06 14:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010.12.21 01:27:06 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)

DRV - [2010.10.19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)

DRV - [2010.10.15 01:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010.09.02 09:41:18 | 002,699,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2010.08.25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010.08.25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010.08.25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010.08.25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010.08.25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010.08.25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2010.07.22 23:52:36 | 000,932,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2010.07.22 23:52:30 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2010.01.26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2008.07.23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = EWE AG - Strom, Erdgas und Telekommunikation aus einer Hand

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = Babylon Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=28821cc0000000000000028037ec0200

IE - HKCU\..\SearchScopes\{5D55F36D-DE86-4F4A-AD35-65AC5342BF52}: "URL" = hxxp://de.search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=114435&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=28821cc0000000000000028037ec0200"

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.18 20:47:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.05 19:58:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.19 22:27:37 | 000,000,000 | ---D | M]

 

[2012.04.16 21:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions

[2012.09.19 22:36:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\ffxtlbr@babylon.com

[2012.08.04 22:30:10 | 000,021,674 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\addon@defaulttab.com.xpi

[2012.08.05 11:09:31 | 000,314,397 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi

[2012.09.19 22:27:37 | 000,002,223 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\BabylonMngr.xml

[2012.04.23 21:12:27 | 000,002,036 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\avh78h5o.default\searchplugins\search-here.xml

[2012.04.16 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.09.19 22:27:37 | 000,000,000 | ---D | M] (Browser Manager) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

[2012.08.05 19:58:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.19 22:26:27 | 000,002,360 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: Babylon Search

CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

 

O1 HOSTS File: ([2012.09.19 20:41:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKCU..\Run: [SDP] C:\Programme\FilesFrog Update Checker\update_checker.exe (Somoto)

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-48S0V.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O15 - HKLM\..Trusted Domains: ewe.de ([gate] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.6.108.140 212.6.108.141

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9D581F-CC17-4ACE-B151-662E2C1ED90D}: DhcpNameServer = 212.6.108.140 212.6.108.141

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C4ECB1-DF1F-47F5-AEE4-0BE78D45AF19}: DhcpNameServer = 10.160.34.1 10.160.34.2

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.03 05:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.19 23:40:33 | 000,000,000 | ---D | C] -- C:\avast! sandbox

[2012.09.19 22:53:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2012.09.19 22:31:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes

[2012.09.19 22:30:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2012.09.19 22:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Programme\FilesFrog Update Checker

[2012.09.19 22:27:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\FilesFrog Update Checker

[2012.09.19 22:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Start Menu

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Browser Manager

[2012.09.19 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\BabylonToolbar

[2012.09.19 22:26:44 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Babylon

[2012.09.19 22:26:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon

[2012.09.19 20:49:47 | 000,693,265 | ---- | C] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 17:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.09.19 17:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.09.19 17:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.09.19 17:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.09.19 17:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.09.19 17:35:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Verwaltung

[2012.09.19 17:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2012.09.18 20:52:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Google

[2012.09.18 20:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Google

[2012.09.18 20:47:28 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012.09.18 20:47:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012.09.18 20:47:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus

[2012.09.18 20:47:27 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012.09.18 20:47:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012.09.18 20:47:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012.09.18 20:47:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012.09.18 20:47:27 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012.09.18 20:47:27 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012.09.18 20:47:15 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012.09.18 20:47:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software

[2012.09.18 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software

[2012.09.18 20:16:52 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012.09.18 19:51:18 | 000,000,000 | ---D | C] -- C:\QUARANTINE

[2012.09.18 18:34:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\User\Eigene Dateien\2012_09 Hamburg Arena Polo

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.20 16:09:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.20 16:03:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.20 15:53:01 | 000,531,650 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.09.20 15:53:01 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.09.20 15:53:01 | 000,107,066 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.09.20 15:53:01 | 000,089,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.09.20 15:49:00 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.20 15:48:34 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.20 15:48:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job

[2012.09.20 15:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.09.20 07:15:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.09.19 22:33:07 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | M] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:33:07 | 000,000,414 | ---- | M] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:27:41 | 000,000,816 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:26:45 | 000,000,315 | ---- | M] () -- C:\user.js

[2012.09.19 20:49:50 | 000,693,265 | ---- | M] (Farbar) -- C:\Dokumente und Einstellungen\User\Desktop\FSS.exe

[2012.09.19 20:46:52 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:41:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.09.19 20:34:49 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.18 21:49:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.09.18 21:45:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:55:11 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012.09.18 20:52:44 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:28 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:22:02 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:18 | 000,076,339 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.09.18 18:52:46 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.20 15:48:48 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\Browser Manager.job

[2012.09.19 22:33:07 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-48S0V.exe

[2012.09.19 22:33:07 | 000,012,842 | ---- | C] () -- C:\WINDOWS\is-48S0V.msg

[2012.09.19 22:33:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\is-48S0V.lst

[2012.09.19 22:30:58 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.19 22:27:41 | 000,000,816 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Check for Updates.lnk

[2012.09.19 22:26:45 | 000,000,315 | ---- | C] () -- C:\user.js

[2012.09.19 20:46:52 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\SystemLook.exe

[2012.09.19 20:34:49 | 000,000,941 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Desktop\Verknüpfung mit ComboFix.lnk

[2012.09.19 17:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.09.19 17:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.09.19 17:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.09.19 17:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.09.19 17:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.09.18 21:45:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\User\defogger_reenable

[2012.09.18 20:52:44 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2012.09.18 20:47:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.18 20:47:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.18 20:47:28 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk

[2012.09.18 20:47:27 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012.09.18 20:22:02 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata

[2012.09.18 19:51:08 | 000,076,339 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mpvgdkqmnyddzcf

[2012.04.22 21:37:08 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.13 17:46:48 | 000,120,824 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2011.09.20 16:20:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2011.02.27 09:21:40 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin

[2011.02.27 09:21:40 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin

[2011.02.27 09:21:38 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin

[2011.02.27 09:00:22 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll

[2011.02.27 08:58:12 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config

 
 ========== ZeroAccess Check ==========

 

[2012.03.12 17:39:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 20.9.2012 16:04:12 - Run 7

OTL by OldTimer - Version 3.2.63.0     Folder = C:\Dokumente und Einstellungen\User\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy

 

2,94 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,88% Memory free

4,79 Gb Paging File | 4,26 Gb Available in Paging File | 89,02% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 89,43 Gb Total Space | 74,39 Gb Free Space | 83,19% Space Free | Partition Type: NTFS

 

Computer Name: CNU2023M8L | User Name: User | Logged in as Administrator.

Cannot determine boot mode. | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\McAfee\Common Framework\FrameworkService.exe" = C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers

"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent

"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E0824C9B-F196-4667-8CE8-3A0B685B0820}" = HP HotKey Support

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"BabylonToolbar" = Babylon toolbar on IE

"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32

"ESET Online Scanner" = ESET Online Scanner v3

"FilesFrog Update Checker" = FilesFrog Update Checker

"FinalMediaPlayer_is1" = Final Media Player 2011

"Google Chrome" = Google Chrome

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PROPLUS" = Microsoft Office Professional Plus 2007

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Trusted Software Assistant_is1" = File Type Assistant

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ Application Events ]

Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ Application Events ]

Error - 12.3.2012 13:38:43 | Computer Name = CNU2023M8L | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

 - Tried to start a service that wasn't the latest version of CLR Optimization service.

 Will shutdown 

 

Error - 27.4.2012 14:11:42 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 24.5.2012 12:40:39 | Computer Name = CNU2023M8L | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung hpCMSrv.exe, Version 4.1.22.1, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 29.5.2012 05:23:00 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:10 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 29.5.2012 05:23:26 | Computer Name = CNU2023M8L | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OIS.EXE, Version 12.0.6413.1000, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 20.9.2012 01:16:18 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   aswSnx  aswTdi  mfehidk

 

Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 01:21:36 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 01:21:37 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001

Description = Der Dienst "McAfee Validation Trust Protection Service" ist vom Dienst

 "McAfee Inc. mfehidk" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%31

 

Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7001

Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust

 Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:

   %%1068

 

Error - 20.9.2012 09:48:59 | Computer Name = CNU2023M8L | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   aswSnx  aswTdi  mfehidk

 

Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_161D103C&REV_30\4&3277fbd5&0&00E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_161D103C&REV_30\4&3277fbd5&0&01E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

Error - 20.9.2012 09:54:04 | Computer Name = CNU2023M8L | Source = PlugPlayManager | ID = 12

Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_161D103C&REV_30\4&3277fbd5&0&02E2)

 wurde ohne vorbereitende Maßnahmen vom System entfernt.

 

 

< End of report >

--- --- ---
Warum das immer zwei Mal kommt ist mir schleierhaft...

sfc /scannow ausgeführt mit nicht nachvollziehbarem Ergebnis. ?

Gruß

frglaner

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.