
Log Analysis and Evaluation: multiple Trojans (Spy Banker, Stolen Data, Malware Gen/Trace, Trojan Passwords, Zbot)


30.11.2011, 00:54   #1
Fratze666
 

Multiple Trojans (Spy Banker, Stolen Data, Malware Gen/Trace, Trojan Passwords, Zbot)



Hello,
I am helping a friend here who has several Trojans on her computer.

A few days ago she called me because her PC would no longer start (according to her description on the phone, the Bundeskriminalamt Trojan).
I advised her to boot into Safe Mode and use System Restore; after that she should run her installed Avira virus scanner over the system (unfortunately I have no log of that)
and then use Malwarebytes (log attached).
I also strongly urged her to change all the passwords she uses from another "clean" PC.
Then she was to run a scan with OTL (the OTL log in the text, the OTL Extras in the attachment).
Finally she ran another scan with Avira (log attached).

Now the question:
Can the system still be saved, or does she have to reinstall everything?
(which, because of some software from America, would be a bigger problem for her)

Best regards,
Frank

Code:
OTL logfile created on: 24.11.2011 17:37:58 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 73,58% Memory free
4,84 Gb Paging File | 4,09 Gb Available in Paging File | 84,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225,88 Gb Total Space | 6,32 Gb Free Space | 2,80% Space Free | Partition Type: NTFS
 
Computer Name: VALUED-C47410C8 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\aol\1231712899\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - C:\Program Files\intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Program Files\AOL 9.1\xmltok.dll ()
MOD - C:\Program Files\AOL 9.1\xmlparse.dll ()
MOD - C:\Program Files\AOL 9.1\zlib.dll ()
MOD - C:\WINDOWS\system32\sst1cl3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EvtEng) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) Windows Media Connect (WMC) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (shpf) -- C:\WINDOWS\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (5U875UVC) -- C:\WINDOWS\system32\drivers\5U875.sys (Ricoh co.,Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (MemAlloc) -- C:\WINDOWS\system32\drivers\MemAlloc.sys (Pinnacle Systems GmbH)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
 
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.comodo.com/search/
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5047 [2011.11.22 21:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.14 10:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 23:42:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5047 [2011.11.22 21:36:48 | 000,000,000 | ---D | M]
 
[2009.01.11 22:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2011.11.14 10:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.15 11:32:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.22 21:36:48 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5047
[2011.11.14 10:25:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.20 16:25:12 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2010.01.20 16:25:12 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2010.01.20 16:25:23 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010.01.20 16:25:27 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2010.01.20 16:25:09 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011.10.11 20:47:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 20:47:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:47:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:47:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:47:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:47:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.11.13 07:56:08 | 000,287,274 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.123haustiereundmehr.com
O1 - Hosts: 9902 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1736020381-2874144102-3224925420-1008\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FE964C-593E-48BC-A6E0-9151928C1B5F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVDIdle Pro\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 10:54:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell - "" = AutoRun
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.22 21:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.22 21:32:35 | 002,123,536 | ---- | C] (SANDBOXIE L.T.D) -- C:\Documents and Settings\***\Desktop\SandboxieInstall360.exe
[2011.11.22 21:25:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2011.11.22 19:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\components
[2011.11.21 22:11:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.19 14:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011.11.19 14:00:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.16 21:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.16 21:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011.11.10 23:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011.11.10 23:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.10 23:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011.11.10 23:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.10 23:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.10 23:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.10 23:35:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 08:12:45 | 000,053,391 | ---- | M] () -- C:\VETlog.dmp
[2011.11.24 08:11:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.24 08:10:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.23 18:31:31 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.23 18:15:01 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2011.11.23 07:23:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.22 23:56:53 | 018,199,202 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432)_.jpg
[2011.11.22 23:25:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 21:32:36 | 002,123,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Documents and Settings\***\Desktop\SandboxieInstall360.exe
[2011.11.22 21:25:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2011.11.22 21:16:43 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.17 23:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.11.15 12:30:32 | 004,812,929 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (1068).jpg
[2011.11.15 12:27:30 | 003,657,677 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (958).jpg
[2011.11.15 12:24:36 | 003,529,865 | ---- | M] () -- C:\Documents and Settings\***\T+S Hochzeit Fotograf (971).jpg
[2011.11.15 12:21:58 | 003,696,815 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432).jpg
[2011.11.15 11:37:40 | 002,096,133 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (629)_20x25.jpg
[2011.11.15 09:25:55 | 002,143,335 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (616)_20x25.jpg
[2011.11.10 23:42:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011.11.10 23:40:44 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011.11.10 23:40:44 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011.11.10 23:39:40 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011.11.10 19:56:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.07 23:29:24 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDIdlePro.INI
[2011.11.07 19:15:45 | 002,640,719 | ---- | M] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE.pdf
[2011.11.07 19:13:03 | 002,640,719 | ---- | M] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE
[2011.11.01 23:00:37 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.01 23:00:37 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.22 23:48:25 | 018,199,202 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432)_.jpg
[2011.11.16 21:28:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.15 12:10:31 | 004,812,929 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (1068).jpg
[2011.11.15 12:01:52 | 003,529,865 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (971).jpg
[2011.11.15 11:54:29 | 003,696,815 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432).jpg
[2011.11.15 11:52:03 | 003,657,677 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (958).jpg
[2011.11.15 09:32:06 | 002,096,133 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (629)_20x25.jpg
[2011.11.15 09:25:52 | 002,143,335 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (616)_20x25.jpg
[2011.11.10 23:42:08 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011.11.10 23:39:40 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011.11.10 19:56:06 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.11.07 19:15:19 | 002,640,719 | ---- | C] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE.pdf
[2011.11.07 19:12:39 | 002,640,719 | ---- | C] () -- C:\Documents and Settings\***\Desktop\UNKNOWN_PARAMETER_VALUE
[2010.08.08 17:04:43 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2010.08.08 17:04:36 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010.08.08 17:04:36 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010.08.08 17:04:36 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010.08.08 17:04:36 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010.08.08 17:04:36 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010.08.08 17:03:17 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010.08.08 17:02:44 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2010.06.28 21:56:02 | 000,743,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.06.22 23:12:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.13 20:56:00 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.08 19:44:02 | 000,085,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.02.09 21:21:22 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.12.24 14:51:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.09.02 21:20:08 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2009.08.16 11:38:13 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5a.DLL
[2009.08.15 13:57:31 | 000,001,171 | ---- | C] () -- C:\WINDOWS\Stars.ini
[2009.07.27 18:11:34 | 000,128,000 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009.07.27 18:11:34 | 000,006,006 | ---- | C] () -- C:\Program Files\UNWISE.INI
[2009.06.28 23:43:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\PUTTY.RND
[2009.04.29 21:23:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.02.07 16:05:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2009.01.11 23:36:28 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.01.11 22:26:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.01.11 20:52:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDIdlePro.INI
[2009.01.11 20:46:36 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 11:35:32 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.11.12 07:04:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.11 22:02:15 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2008.07.29 15:23:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.07.29 13:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.07.29 13:22:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.07.29 13:22:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.07.29 13:22:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.07.29 13:22:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.07.29 13:22:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.07.29 13:22:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.07.29 11:29:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.07.29 11:26:52 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008.07.29 11:26:50 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008.07.29 11:26:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008.07.29 11:12:04 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2008.07.29 11:11:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.07.29 11:11:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.07.29 11:11:43 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.07.29 11:11:42 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.07.29 11:09:34 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2008.07.29 10:59:30 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.07.29 10:56:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.29 10:53:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.29 10:43:34 | 000,000,764 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.07.29 10:43:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.07.29 10:43:23 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.07.29 10:43:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.07.29 10:43:23 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.07.29 10:43:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.07.29 10:43:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2008.07.29 10:43:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2008.07.29 10:43:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.07.29 10:43:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.07.29 10:43:20 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.07.29 10:43:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.07.29 10:43:15 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.07.29 03:50:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.29 03:50:12 | 002,372,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.28 23:55:21 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2007.12.06 18:55:12 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006.11.02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.06.12 20:21:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001.11.14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.08.08 17:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010.03.07 21:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009.12.25 23:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2009.06.03 21:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2008.07.29 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008.07.29 13:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009.09.05 12:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008.07.29 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.04.05 20:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.19 12:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011.08.02 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Cisco
[2010.08.04 20:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Crossword Compiler Deutsch 8
[2011.11.23 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dropbox
[2009.02.02 21:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FinalBurner Video DVD
[2010.04.18 08:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ICAClient
[2008.12.26 11:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\InterVideo
[2009.09.05 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Viewpoint
[2010.01.20 16:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\webex
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
 
========== Purity Check ==========
 
 

< End of report >
         

Old 30.11.2011, 16:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Database version: 8221

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2011 07:24:58
That scan is already a week old. Update Malwarebytes and run a new full scan.

Old 30.11.2011, 20:16   #3
Fratze666
 
Here is the Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8279

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.11.2011 19:34:28
mbam-log-2011-11-30 (19-34-28).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 359344
Time elapsed: 1 hour(s), 47 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
Avira Antivirus keeps reporting a new virus, each time with a different name.
In the meantime Firefox and Adobe were uninstalled (before this scan); there it kept asking for an update/plugin for ppklite.api
(as far as I understood it on the phone).

Old 30.11.2011, 21:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please also run ESET; after that we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

Old 01.12.2011, 02:41   #5
Fratze666
 
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a9294e145aaa774bbddf714299f46d20
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-01 01:06:44
# local_time=2011-12-01 02:06:44 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 104715 97587945 97340 0
# compatibility_mode=8192 67108863 100 0 3707 3707 0 0
# scanned=346399
# found=0
# cleaned=0
# scan_time=10223
         


Old 01.12.2011, 10:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the entire contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Old 01.12.2011, 21:32   #7
Fratze666
 
Here is the custom scan with OTL:

Code:
OTL logfile created on: 01.12.2011 13:38:13 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,07% Memory free
4,84 Gb Paging File | 4,33 Gb Available in Paging File | 89,50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225,88 Gb Total Space | 6,31 Gb Free Space | 2,79% Space Free | Partition Type: NTFS
 
Computer Name: VALUED-C47410C8 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\WINDOWS\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - C:\Program Files\intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\WINDOWS\system32\sst1cl3.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EvtEng) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) Windows Media Connect (WMC) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (shpf) -- C:\WINDOWS\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (5U875UVC) -- C:\WINDOWS\system32\drivers\5U875.sys (Ricoh co.,Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (MemAlloc) -- C:\WINDOWS\system32\drivers\MemAlloc.sys (Pinnacle Systems GmbH)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.comodo.com/search/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5047 [2011.11.22 21:36:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5047 [2011.11.22 21:36:48 | 000,000,000 | ---D | M]
 
[2011.11.28 18:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.15 11:32:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.01.20 16:25:12 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2010.01.20 16:25:12 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2010.01.20 16:25:23 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010.01.20 16:25:27 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2010.01.20 16:25:09 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
 
O1 HOSTS File: ([2011.11.28 22:57:16 | 000,439,837 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.123haustiereundmehr.com
O1 - Hosts: 15132 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FE964C-593E-48BC-A6E0-9151928C1B5F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVDIdle Pro\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 10:54:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell - "" = AutoRun
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe - (Adobe Systems Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^***^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\***\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AOL Fast Start - hkey= - key= - C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\aol\1231712899\ee\aolsoftware.exe (AOL LLC)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PSQLLauncher - hkey= - key= - C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6738E118-3565-38FC-3C25-844E11A09D6F} - Microsoft Windows Media Player 6.4
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94AF73E3-9EB2-A660-2611-6EF35D9B7131} - Internet Explorer
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.30 23:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.28 22:51:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2011.11.28 16:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011.11.22 21:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.22 21:32:35 | 002,123,536 | ---- | C] (SANDBOXIE L.T.D) -- C:\Documents and Settings\***\Desktop\SandboxieInstall360.exe
[2011.11.22 21:25:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2011.11.22 19:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\components
[2011.11.21 22:11:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.19 14:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011.11.19 14:00:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.16 21:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.16 21:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011.11.10 23:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011.11.10 23:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.10 23:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011.11.10 23:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.10 23:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.10 23:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.01 13:21:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.01 13:21:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.30 17:44:24 | 000,053,391 | ---- | M] () -- C:\VETlog.dmp
[2011.11.28 22:57:16 | 000,439,837 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.11.28 22:54:09 | 000,200,040 | ---- | M] () -- C:\Documents and Settings\***\Desktop\cc_20111128_225249.reg
[2011.11.23 18:31:31 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.23 18:15:01 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2011.11.23 07:23:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.22 23:56:53 | 018,199,202 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432)_.jpg
[2011.11.22 23:25:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 21:32:36 | 002,123,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Documents and Settings\***\Desktop\SandboxieInstall360.exe
[2011.11.22 21:25:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\***\Desktop\OTL.exe
[2011.11.22 21:16:43 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.17 23:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.11.15 12:30:32 | 004,812,929 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (1068).jpg
[2011.11.15 12:27:30 | 003,657,677 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (958).jpg
[2011.11.15 12:24:36 | 003,529,865 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (971).jpg
[2011.11.15 12:21:58 | 003,696,815 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432).jpg
[2011.11.15 11:37:40 | 002,096,133 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (629)_20x25.jpg
[2011.11.15 09:25:55 | 002,143,335 | ---- | M] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (616)_20x25.jpg
[2011.11.10 23:42:08 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011.11.10 23:40:44 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011.11.10 23:40:44 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011.11.10 23:39:40 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011.11.07 23:29:24 | 000,000,067 | ---- | M] () -- C:\WINDOWS\DVDIdlePro.INI
[2011.11.01 23:00:37 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.01 23:00:37 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.28 22:53:03 | 000,200,040 | ---- | C] () -- C:\Documents and Settings\***\Desktop\cc_20111128_225249.reg
[2011.11.22 23:48:25 | 018,199,202 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432)_.jpg
[2011.11.16 21:28:41 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.11.15 12:10:31 | 004,812,929 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (1068).jpg
[2011.11.15 12:01:52 | 003,529,865 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (971).jpg
[2011.11.15 11:54:29 | 003,696,815 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Hochzeit_ (432).jpg
[2011.11.15 11:52:03 | 003,657,677 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (958).jpg
[2011.11.15 09:32:06 | 002,096,133 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (629)_20x25.jpg
[2011.11.15 09:25:52 | 002,143,335 | ---- | C] () -- C:\Documents and Settings\***\Desktop\T+S Hochzeit Fotograf (616)_20x25.jpg
[2011.11.10 23:42:08 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011.11.10 23:39:40 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010.08.08 17:04:43 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2010.08.08 17:04:36 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2010.08.08 17:04:36 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2010.08.08 17:04:36 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2010.08.08 17:04:36 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2010.08.08 17:04:36 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2010.08.08 17:03:17 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010.08.08 17:02:44 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2010.06.28 21:56:02 | 000,743,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.06.22 23:12:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.13 20:56:00 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.04.08 19:44:02 | 000,085,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.02.09 21:21:22 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.12.24 14:51:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.09.02 21:20:08 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2009.08.16 11:38:13 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5a.DLL
[2009.08.15 13:57:31 | 000,001,171 | ---- | C] () -- C:\WINDOWS\Stars.ini
[2009.07.27 18:11:34 | 000,128,000 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009.07.27 18:11:34 | 000,006,006 | ---- | C] () -- C:\Program Files\UNWISE.INI
[2009.06.28 23:43:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\PUTTY.RND
[2009.04.29 21:23:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.02.07 16:05:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2009.01.11 23:36:28 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.01.11 22:26:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.01.11 20:52:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDIdlePro.INI
[2009.01.11 20:46:36 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.26 11:35:32 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.11.12 07:04:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.11 22:02:15 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\fusioncache.dat
[2008.07.29 15:23:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.07.29 13:59:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.07.29 13:22:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.07.29 13:22:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.07.29 13:22:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.07.29 13:22:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.07.29 13:22:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.07.29 13:22:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.07.29 11:29:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.07.29 11:26:52 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2008.07.29 11:26:50 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2008.07.29 11:26:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008.07.29 11:12:04 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2008.07.29 11:11:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.07.29 11:11:43 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.07.29 11:11:43 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.07.29 11:11:42 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.07.29 11:09:34 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2008.07.29 10:59:30 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.07.29 10:56:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.29 10:53:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.29 10:43:34 | 000,000,764 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.07.29 10:43:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.07.29 10:43:23 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.07.29 10:43:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.07.29 10:43:23 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.07.29 10:43:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.07.29 10:43:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2008.07.29 10:43:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2008.07.29 10:43:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.07.29 10:43:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.07.29 10:43:20 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.07.29 10:43:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.07.29 10:43:15 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008.07.29 03:50:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.29 03:50:12 | 002,372,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.28 23:55:21 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2007.12.06 18:55:12 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006.11.02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.06.12 20:21:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001.11.14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.08.08 17:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010.03.07 21:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009.12.25 23:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2009.06.03 21:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2008.07.29 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008.07.29 13:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009.09.05 12:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008.07.29 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.04.05 20:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.19 12:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011.08.02 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Cisco
[2010.08.04 20:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Crossword Compiler Deutsch 8
[2011.11.23 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dropbox
[2009.02.02 21:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FinalBurner Video DVD
[2010.04.18 08:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ICAClient
[2008.12.26 11:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\InterVideo
[2009.09.05 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Viewpoint
[2010.01.20 16:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\webex
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2008.11.11 22:02:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.11.13 07:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.01.15 23:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2011.11.08 07:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009.01.11 23:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2010.02.28 00:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008.11.12 06:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.06.22 16:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008.11.13 07:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008.07.29 13:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009.01.11 23:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2008.11.12 06:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.03.19 22:32:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008.11.12 22:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010.08.08 17:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010.03.07 21:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2009.12.25 23:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2008.07.29 11:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2011.05.15 11:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.08.24 21:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2009.06.03 21:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008.11.13 14:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008.07.29 13:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011.11.28 22:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.03.07 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2010.11.12 08:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009.06.22 16:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008.07.29 13:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008.07.29 13:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009.09.05 12:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008.07.29 11:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008.07.29 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.04.05 20:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.19 12:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2007.03.23 22:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2009.02.04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2011.01.13 16:37:42 | 000,922,960 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\waol-0.4340.130.1.exe
[2011.01.13 16:37:56 | 000,260,120 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\ecuinst.exe
[2011.01.13 16:37:56 | 000,035,664 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\postproc.exe
[2011.01.13 16:37:56 | 000,169,288 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\setup.exe
[2011.01.13 16:37:52 | 001,480,288 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\acscore.exe
[2011.01.13 16:37:52 | 000,972,896 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\acslaeu.exe
[2011.01.13 16:37:54 | 001,662,632 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\acslang.exe
[2011.01.13 16:37:54 | 000,148,736 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\acsrollb.exe
[2011.01.13 16:37:54 | 000,021,832 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\acsshutd.exe
[2011.01.13 16:37:58 | 000,062,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\ocpgc.exe
[2011.01.13 16:37:58 | 004,020,768 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\acs\comps\ocpinst.exe
[2011.01.13 16:38:00 | 001,048,160 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\browser\aolbwsrinst.exe
[2011.01.13 16:38:02 | 000,106,112 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\browser\aolbwsrlp.exe
[2011.01.13 16:38:02 | 002,605,008 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\flash\flashax.exe
[2011.01.13 16:38:00 | 001,113,240 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\msvcr9\msvc9rt.exe
[2011.01.13 16:37:56 | 000,849,235 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\muinst\muinst.exe
[2011.01.13 16:38:02 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\parcon\AOLParconLink.exe
[2011.01.13 16:38:00 | 000,711,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\sysinfo\SinfInst.exe
[2011.01.13 16:37:56 | 000,417,240 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\tb\tbsetup.exe
[2011.01.13 16:38:02 | 002,195,440 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\toolbar\aol_toolbar.exe
[2011.01.13 16:37:58 | 000,557,024 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\tpspd\wbsetup.exe
[2011.01.13 16:37:50 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\vwpt\VPPrePop.exe
[2011.01.13 16:37:50 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4552\comps\vwpt\Vwpt.exe
[2011.05.05 15:09:22 | 000,923,472 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\waol-0.4340.168.1.exe
[2011.05.05 15:08:54 | 000,260,120 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\ecuinst.exe
[2011.05.05 15:08:54 | 000,035,664 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\postproc.exe
[2011.05.05 15:08:54 | 000,169,288 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\setup.exe
[2011.05.05 15:08:48 | 001,480,288 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\comps\acscore.exe
[2011.05.05 15:08:48 | 000,972,896 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\comps\acslaeu.exe
[2011.05.05 15:08:50 | 001,662,632 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\comps\acslang.exe
[2011.05.05 15:08:50 | 000,148,736 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\comps\acsrollb.exe
[2011.05.05 15:08:50 | 000,021,832 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\comps\acsshutd.exe
[2011.05.05 15:08:50 | 000,062,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\comps\ocpgc.exe
[2011.05.05 15:08:54 | 004,020,768 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\acs\comps\ocpinst.exe
[2011.05.05 15:08:54 | 001,051,256 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\browser\aolbwsrinst.exe
[2011.05.05 15:08:54 | 000,106,096 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\browser\aolbwsrlp.exe
[2011.05.05 15:08:54 | 002,605,008 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\flash\flashax.exe
[2011.05.05 15:08:56 | 001,113,240 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\msvcr9\msvc9rt.exe
[2011.05.05 15:08:56 | 000,849,235 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\muinst\muinst.exe
[2011.05.05 15:08:56 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\parcon\AOLParconLink.exe
[2011.05.05 15:08:56 | 000,711,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\sysinfo\SinfInst.exe
[2011.05.05 15:08:56 | 000,417,240 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\tb\tbsetup.exe
[2011.05.05 15:09:00 | 003,508,568 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\toolbar\aol_toolbar.exe
[2011.05.05 15:09:00 | 000,556,520 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\tpspd\wbsetup.exe
[2011.05.05 15:09:00 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\vwpt\VPPrePop.exe
[2011.05.05 15:09:00 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4570\comps\vwpt\Vwpt.exe
[2009.01.11 23:10:21 | 001,892,192 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\waol-0.4334.34.1.exe
[2009.01.11 23:18:05 | 008,139,800 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\acs\acssetup.exe
[2009.01.11 23:18:57 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\acs\ecuinst.exe
[2009.01.11 23:21:04 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\afix\afixinst.exe
[2009.01.11 23:11:44 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\afix\afixlang.exe
[2009.01.11 23:17:22 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\afix\WinsockFix.exe
[2009.01.11 23:16:30 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\afix\wsfinst.exe
[2009.01.11 23:16:34 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\aolload\alsetup.exe
[2009.01.11 23:19:55 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\ccu\ocpinsti.exe
[2009.01.11 23:13:25 | 001,134,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\flash\flash9ex.exe
[2009.01.11 23:11:21 | 000,586,815 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\muinst\muinst.exe
[2009.01.11 23:17:03 | 000,062,816 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\ocp\ocpgc.exe
[2009.01.11 23:14:44 | 001,475,416 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\ocp\ocpinst.exe
[2009.01.11 23:17:19 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\parcon\AOLParconLink.exe
[2009.01.11 23:14:25 | 000,099,256 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\sm\sminstlp.exe
[2009.01.11 23:20:09 | 000,175,280 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\sm\stmninst.exe
[2009.01.11 23:21:15 | 000,711,392 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\sysinfo\SinfInst.exe
[2009.01.11 23:09:44 | 000,359,184 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\tb\tbsetup.exe
[2009.01.11 23:16:49 | 001,104,960 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\toolbar\toolbar.exe
[2009.01.11 23:21:11 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\tpspd\wbsetup.exe
[2009.01.11 23:19:08 | 000,601,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\unagi\ampx.english.exe
[2009.01.11 23:17:02 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\vwpt\VPPrePop.exe
[2009.01.11 23:13:00 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.1\comps\vwpt\Vwpt.exe
[2011.11.10 23:35:16 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.0.142\SetupAdmin.exe
[2010.07.14 19:59:20 | 000,071,992 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
[2011.03.13 18:13:12 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.20.27\SetupAdmin.exe
[2011.08.10 17:52:35 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.34.50.0\SetupAdmin.exe
[2011.11.10 23:40:04 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.34.51.22\SetupAdmin.exe
[2009.03.29 10:19:17 | 002,906,215 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2008.07.25 08:04:05 | 004,700,656 | ---- | M] (Sonic Solutions) -- C:\Documents and Settings\All Users\Application Data\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe
 
< %APPDATA%\*. >
[2009.05.22 23:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Adobe
[2011.10.27 21:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\AdobeUM
[2009.01.11 23:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\AOL
[2011.10.27 21:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Apple Computer
[2011.02.15 20:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Avira
[2011.08.02 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Cisco
[2009.07.02 03:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Comodo
[2010.08.04 20:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Crossword Compiler Deutsch 8
[2009.12.26 00:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\DivX
[2011.11.23 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Dropbox
[2010.10.26 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\dvdcss
[2009.02.02 21:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\FinalBurner Video DVD
[2010.04.18 08:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\ICAClient
[2008.07.29 10:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Identities
[2008.07.29 13:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Intel
[2008.12.26 11:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\InterVideo
[2008.11.11 23:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Macromedia
[2008.11.12 06:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Malwarebytes
[2010.08.10 19:46:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\***\Application Data\Microsoft
[2011.11.28 18:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Mozilla
[2008.11.13 14:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Roxio
[2011.08.24 21:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Skype
[2011.08.24 21:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\skypePM
[2011.10.06 21:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Sonic Solutions
[2008.07.29 13:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Sony Corporation
[2008.11.12 06:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Sun
[2011.11.15 12:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\U3
[2009.09.05 18:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\Viewpoint
[2011.07.19 21:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\vlc
[2010.01.20 16:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Application Data\webex
 
< %APPDATA%\*.exe /s >
[2011.08.02 21:59:23 | 000,247,928 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\***\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\64bitProxy.exe
[2011.08.02 21:59:13 | 000,047,280 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\***\Application Data\Cisco\Cisco Secure Desktop\Cache\Temp8-P00h\CSDWebLaunch.exe
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\***\Application Data\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\***\Application Data\Dropbox\bin\Uninstall.exe
[2009.09.29 15:04:53 | 001,924,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\***\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2006.12.18 23:00:34 | 001,645,304 | ---- | M] () -- C:\Documents and Settings\***\Application Data\Sonic Solutions\Roxio Restore\RoxioRestore.exe
[2006.05.24 13:36:38 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\***\Application Data\U3\temp\cleanup.exe
[2008.02.25 20:47:34 | 003,489,792 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\***\Application Data\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Program Files\I386\sp2.cab:AGP440.sys
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 13:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 13:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\Program Files\I386\sp2.cab:atapi.sys
[2006.02.28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 13:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 13:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 13:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008.04.03 21:00:34 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=F489A11A103A76CA3E2D42BBCF16DAAD -- C:\Program Files\Protector Suite QL\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.05.21 21:05:59 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\Drivers\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.05.21 21:03:47 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\OemDir\iaStor.sys
[2008.05.21 21:03:47 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 13:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 13:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2006.02.28 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 13:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 13:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 13:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 13:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2006.02.28 13:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.02.28 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 13:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 13:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 13:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 13:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.07.29 03:49:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.29 03:49:36 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.29 03:49:36 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
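The "< MD5 for: ... >" blocks in the OTL report above list every copy OTL could find of a few frequently patched system files (atapi.sys, userinit.exe, winlogon.exe, ...) together with their hashes, so that the running copy under system32 can be compared with the ServicePackFiles reference copy; a running copy whose hash matches no reference is the signature of a patched file. The following parser and checker is an added example, not part of the thread or of OTL itself: it reads blocks in exactly the format shown above, and its sample input combines two blocks copied from the report with a constructed "EXAMPLE.SYS" block whose placeholder hash (DEADBEEF...) is deliberately wrong.

```python
import re
from collections import defaultdict

# One OTL file line that carries a hash, e.g.
# [2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
# Lines for .cab containers carry no "MD5=" field and are deliberately skipped.
LINE_RE = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| M\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

# Where the copy that actually runs lives, and where OTL finds the service-pack reference copy.
LIVE_MARKER = "\\windows\\system32\\"
REFERENCE_MARKER = "\\servicepackfiles\\i386\\"


def parse_md5_blocks(report):
    """Map each '< MD5 for: NAME >' block (name lower-cased) to its hashed file entries."""
    blocks = defaultdict(list)
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if not line or line.startswith("<"):
            current = None          # a blank line or another OTL section ends the block
            continue
        entry = LINE_RE.match(line)
        if current and entry:
            blocks[current].append({
                "vendor": entry.group("vendor").strip(),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "path": entry.group("path"),
            })
    return dict(blocks)


def check_live_copies(blocks):
    """Compare the running copy of each file with OTL's ServicePackFiles reference copy.

    Returns {name: verdict} with verdict one of:
      'ok'            every live MD5 equals a reference MD5
      'MISMATCH'      a live copy matches no reference copy (the pattern of a patched file)
      'no-reference'  OTL found no reference copy, so the hash must be verified elsewhere
      'no-live-copy'  nothing under %SystemRoot%\\system32 was listed
    """
    verdicts = {}
    for name, entries in blocks.items():
        live = [e for e in entries if LIVE_MARKER in e["path"].lower()]
        refs = {e["md5"] for e in entries if REFERENCE_MARKER in e["path"].lower()}
        if not live:
            verdicts[name] = "no-live-copy"
        elif not refs:
            verdicts[name] = "no-reference"
        elif all(e["md5"] in refs for e in live):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


def suspicious_files(report):
    """Names of files whose running copy matches no reference copy."""
    verdicts = check_live_copies(parse_md5_blocks(report))
    return sorted(name for name, v in verdicts.items() if v == "MISMATCH")


# Constructed sample input: the ATAPI.SYS and WS2IFSL.SYS blocks as they appear in the
# report, plus a made-up EXAMPLE.SYS block whose live copy carries a placeholder hash.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS  >
[2008.04.14 13:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: WS2IFSL.SYS  >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< MD5 for: EXAMPLE.SYS  >
[2008.04.14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2011.11.16 21:28:13 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\example.sys
 
< End of report >
"""

if __name__ == "__main__":
    for name, verdict in sorted(check_live_copies(parse_md5_blocks(SAMPLE_REPORT)).items()):
        print(f"{name:<12} {verdict}")
```

Run against the full report above, every block resolves to "ok" or "no-reference"; a "MISMATCH" is the line to look at first, since a driver such as atapi.sys whose hash differs from its reference copy is exactly what the TDSS-Killer scan requested later in the thread is meant to confirm or rule out.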
         

Alt 02.12.2011, 12:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.comodo.com/search/
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.29 10:54:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell - "" = AutoRun
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.11.22 21:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5047
[2011.11.21 22:11:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.19 14:00:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.16 21:29:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5041
[2011.11.16 21:28:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011.11.22 21:16:43 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, for safety, not completely deleted; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Alt 03.12.2011, 01:18   #9
Fratze666
 
Many, many thanks so far!
Here is the log from the OTL fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93648f4e-b02b-11dd-9986-00215d83ecf8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93648f4e-b02b-11dd-9986-00215d83ecf8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93648f4e-b02b-11dd-9986-00215d83ecf8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93648f4e-b02b-11dd-9986-00215d83ecf8}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f5df80-d1a7-11e0-9dd4-00214f56f1c9}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd6749ca-14e8-11df-9b7d-00214f56f1c9}\ not found.
File G:\LaunchU3.exe -a not found.
C:\WINDOWS\System32\5047\components folder moved successfully.
C:\WINDOWS\System32\5047 folder moved successfully.
C:\WINDOWS\System32\5045\components folder moved successfully.
C:\WINDOWS\System32\5045 folder moved successfully.
C:\WINDOWS\System32\5043\components folder moved successfully.
C:\WINDOWS\System32\5043 folder moved successfully.
C:\WINDOWS\System32\5041\components folder moved successfully.
C:\WINDOWS\System32\5041 folder moved successfully.
C:\WINDOWS\System32\kock folder moved successfully.
C:\WINDOWS\system32\blckdom.res moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
->Flash cache emptied: 35 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 4765446 bytes
->Flash cache emptied: 456 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 249446478 bytes
 
User: ***
->Temp folder emptied: 9244246 bytes
->Temporary Internet Files folder emptied: 344358 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1932431 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 247095 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 184731384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 430,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12022011_211525

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

03.12.2011, 14:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool, and all files and folders should become visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
__________________
Please always post logfiles in CODE tags

03.12.2011, 18:57   #11
Fratze666
 



Code:
16:48:02.0234 1620	TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:48:02.0609 1620	============================================================
16:48:02.0609 1620	Current date / time: 2011/12/03 16:48:02.0609
16:48:02.0609 1620	SystemInfo:
16:48:02.0609 1620	
16:48:02.0609 1620	OS Version: 5.1.2600 ServicePack: 3.0
16:48:02.0609 1620	Product type: Workstation
16:48:02.0609 1620	ComputerName: VALUED-C47410C8
16:48:02.0609 1620	UserName: ***
16:48:02.0609 1620	Windows directory: C:\WINDOWS
16:48:02.0609 1620	System windows directory: C:\WINDOWS
16:48:02.0609 1620	Processor architecture: Intel x86
16:48:02.0609 1620	Number of processors: 2
16:48:02.0609 1620	Page size: 0x1000
16:48:02.0609 1620	Boot type: Normal boot
16:48:02.0609 1620	============================================================
16:48:03.0140 1620	Initialize success
16:49:51.0125 1636	============================================================
16:49:51.0125 1636	Scan started
16:49:51.0125 1636	Mode: Manual; SigCheck; TDLFS; 
16:49:51.0125 1636	============================================================
16:49:51.0468 1636	5U875UVC        (7ce18fb5178885a1c8492bd6a1a0e4ff) C:\WINDOWS\system32\DRIVERS\5U875.sys
16:49:52.0109 1636	5U875UVC - ok
16:49:52.0156 1636	61883           (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
16:49:53.0484 1636	61883 - ok
16:49:53.0515 1636	Abiosdsk - ok
16:49:53.0531 1636	abp480n5 - ok
16:49:53.0593 1636	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:49:53.0703 1636	ACPI - ok
16:49:53.0734 1636	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:49:53.0843 1636	ACPIEC - ok
16:49:53.0890 1636	adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
16:49:53.0921 1636	adfs - ok
16:49:53.0937 1636	adpu160m - ok
16:49:53.0968 1636	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:49:54.0078 1636	aec - ok
16:49:54.0156 1636	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:49:54.0187 1636	AFD - ok
16:49:54.0203 1636	Aha154x - ok
16:49:54.0218 1636	aic78u2 - ok
16:49:54.0250 1636	aic78xx - ok
16:49:54.0281 1636	AliIde - ok
16:49:54.0296 1636	amsint - ok
16:49:54.0375 1636	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:49:54.0531 1636	Arp1394 - ok
16:49:54.0546 1636	asc - ok
16:49:54.0578 1636	asc3350p - ok
16:49:54.0609 1636	asc3550 - ok
16:49:54.0687 1636	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:49:54.0781 1636	AsyncMac - ok
16:49:54.0828 1636	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
16:49:54.0937 1636	atapi - ok
16:49:54.0953 1636	Atdisk - ok
16:49:55.0062 1636	ati2mtag        (a4d1c3cd20c8c595af1817bb5352ecd6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:49:55.0203 1636	ati2mtag - ok
16:49:55.0281 1636	AtiHdmiService  (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
16:49:55.0328 1636	AtiHdmiService - ok
16:49:55.0390 1636	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:49:55.0515 1636	Atmarpc - ok
16:49:55.0546 1636	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:49:55.0671 1636	audstub - ok
16:49:55.0703 1636	Avc             (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
16:49:55.0812 1636	Avc - ok
16:49:55.0875 1636	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
16:49:55.0875 1636	avgio - ok
16:49:55.0921 1636	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:49:55.0968 1636	avgntflt - ok
16:49:56.0015 1636	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:49:56.0031 1636	avipbb - ok
16:49:56.0078 1636	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:49:56.0187 1636	Beep - ok
16:49:56.0250 1636	btaudio         (5bcf6090b825def29065bdbd59691dbe) C:\WINDOWS\system32\drivers\btaudio.sys
16:49:56.0281 1636	btaudio - ok
16:49:56.0328 1636	BTDriver        (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys
16:49:56.0343 1636	BTDriver - ok
16:49:56.0406 1636	BTKRNL          (ef5e0de0a7ca2977a9255f36f4d915ab) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:49:56.0453 1636	BTKRNL - ok
16:49:56.0500 1636	BTWDNDIS        (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:49:56.0515 1636	BTWDNDIS - ok
16:49:56.0546 1636	btwhid          (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys
16:49:56.0562 1636	btwhid - ok
16:49:56.0593 1636	BTWUSB          (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys
16:49:56.0625 1636	BTWUSB - ok
16:49:56.0671 1636	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:49:56.0828 1636	cbidf2k - ok
16:49:56.0890 1636	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:49:57.0000 1636	CCDECODE - ok
16:49:57.0015 1636	cd20xrnt - ok
16:49:57.0062 1636	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:49:57.0156 1636	Cdaudio - ok
16:49:57.0187 1636	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:49:57.0296 1636	Cdfs - ok
16:49:57.0328 1636	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:49:57.0421 1636	Cdrom - ok
16:49:57.0437 1636	Changer - ok
16:49:57.0468 1636	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:49:57.0578 1636	CmBatt - ok
16:49:57.0609 1636	CmdIde - ok
16:49:57.0625 1636	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:49:57.0734 1636	Compbatt - ok
16:49:57.0765 1636	Cpqarray - ok
16:49:57.0781 1636	dac2w2k - ok
16:49:57.0796 1636	dac960nt - ok
16:49:57.0828 1636	DgiVecp - ok
16:49:57.0875 1636	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:49:57.0984 1636	Disk - ok
16:49:58.0031 1636	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:49:58.0187 1636	dmboot - ok
16:49:58.0218 1636	DMICall         (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
16:49:58.0312 1636	DMICall - ok
16:49:58.0359 1636	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:49:58.0453 1636	dmio - ok
16:49:58.0500 1636	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:49:58.0593 1636	dmload - ok
16:49:58.0625 1636	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:49:58.0718 1636	DMusic - ok
16:49:58.0750 1636	dpti2o - ok
16:49:58.0781 1636	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:49:58.0875 1636	drmkaud - ok
16:49:58.0937 1636	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:49:59.0046 1636	Fastfat - ok
16:49:59.0093 1636	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:49:59.0203 1636	Fdc - ok
16:49:59.0234 1636	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:49:59.0343 1636	Fips - ok
16:49:59.0359 1636	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:49:59.0453 1636	Flpydisk - ok
16:49:59.0484 1636	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:49:59.0578 1636	FltMgr - ok
16:49:59.0625 1636	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:49:59.0718 1636	Fs_Rec - ok
16:49:59.0750 1636	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:49:59.0843 1636	Ftdisk - ok
16:49:59.0890 1636	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:49:59.0906 1636	GEARAspiWDM - ok
16:49:59.0937 1636	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:50:00.0031 1636	Gpc - ok
16:50:00.0093 1636	HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
16:50:00.0140 1636	HdAudAddService - ok
16:50:00.0171 1636	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:50:00.0281 1636	HDAudBus - ok
16:50:00.0328 1636	hpn - ok
16:50:00.0375 1636	HSFHWAZL        (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:50:00.0421 1636	HSFHWAZL - ok
16:50:00.0484 1636	HSF_DPV         (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:50:00.0593 1636	HSF_DPV - ok
16:50:00.0687 1636	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:50:00.0750 1636	HTTP - ok
16:50:00.0765 1636	i2omgmt - ok
16:50:00.0796 1636	i2omp - ok
16:50:00.0843 1636	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:50:00.0937 1636	i8042prt - ok
16:50:01.0140 1636	ialm            (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:50:01.0578 1636	ialm - ok
16:50:01.0625 1636	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
16:50:01.0640 1636	iaStor - ok
16:50:01.0718 1636	IFXTPM          (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
16:50:01.0765 1636	IFXTPM - ok
16:50:01.0812 1636	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:50:01.0921 1636	Imapi - ok
16:50:01.0953 1636	ini910u - ok
16:50:02.0109 1636	IntcAzAudAddService (c73a4a48fbb3d00c7dbc6fe4f5e3675f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:50:02.0359 1636	IntcAzAudAddService - ok
16:50:02.0406 1636	IntelIde - ok
16:50:02.0453 1636	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:50:02.0546 1636	intelppm - ok
16:50:02.0593 1636	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:50:02.0750 1636	Ip6Fw - ok
16:50:02.0796 1636	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:50:02.0906 1636	IpFilterDriver - ok
16:50:02.0953 1636	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:50:03.0062 1636	IpInIp - ok
16:50:03.0093 1636	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:50:03.0203 1636	IpNat - ok
16:50:03.0250 1636	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:50:03.0328 1636	IPSec - ok
16:50:03.0359 1636	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:50:03.0453 1636	IRENUM - ok
16:50:03.0500 1636	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:50:03.0593 1636	isapnp - ok
16:50:03.0625 1636	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:50:03.0718 1636	Kbdclass - ok
16:50:03.0734 1636	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:50:03.0859 1636	kmixer - ok
16:50:03.0906 1636	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:50:04.0000 1636	KSecDD - ok
16:50:04.0031 1636	lbrtfdc - ok
16:50:04.0078 1636	LStone - ok
16:50:04.0125 1636	MarvinBus       (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
16:50:04.0156 1636	MarvinBus ( UnsignedFile.Multi.Generic ) - warning
16:50:04.0156 1636	MarvinBus - detected UnsignedFile.Multi.Generic (1)
16:50:04.0187 1636	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:50:04.0203 1636	mdmxsdk - ok
16:50:04.0234 1636	MemAlloc        (3b41963835bd160678a53cb95191b211) C:\WINDOWS\system32\DRIVERS\memalloc.sys
16:50:04.0250 1636	MemAlloc ( UnsignedFile.Multi.Generic ) - warning
16:50:04.0250 1636	MemAlloc - detected UnsignedFile.Multi.Generic (1)
16:50:04.0281 1636	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:50:04.0406 1636	mnmdd - ok
16:50:04.0468 1636	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:50:04.0578 1636	Modem - ok
16:50:04.0609 1636	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:50:04.0718 1636	Mouclass - ok
16:50:04.0734 1636	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:50:04.0828 1636	MountMgr - ok
16:50:04.0843 1636	mraid35x - ok
16:50:04.0859 1636	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:50:04.0968 1636	MRxDAV - ok
16:50:05.0015 1636	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:50:05.0093 1636	MRxSmb - ok
16:50:05.0203 1636	MSDV            (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
16:50:05.0312 1636	MSDV - ok
16:50:05.0328 1636	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:50:05.0437 1636	Msfs - ok
16:50:05.0468 1636	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:50:05.0562 1636	MSKSSRV - ok
16:50:05.0578 1636	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:50:05.0687 1636	MSPCLOCK - ok
16:50:05.0703 1636	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:50:05.0796 1636	MSPQM - ok
16:50:05.0828 1636	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:50:05.0921 1636	mssmbios - ok
16:50:05.0968 1636	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:50:06.0062 1636	MSTEE - ok
16:50:06.0109 1636	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:50:06.0171 1636	Mup - ok
16:50:06.0218 1636	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:50:06.0328 1636	NABTSFEC - ok
16:50:06.0375 1636	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:50:06.0484 1636	NDIS - ok
16:50:06.0531 1636	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:50:06.0640 1636	NdisIP - ok
16:50:06.0687 1636	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:50:06.0718 1636	NdisTapi - ok
16:50:06.0734 1636	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:50:06.0828 1636	Ndisuio - ok
16:50:06.0875 1636	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:50:06.0968 1636	NdisWan - ok
16:50:07.0015 1636	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:50:07.0046 1636	NDProxy - ok
16:50:07.0078 1636	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:50:07.0171 1636	NetBIOS - ok
16:50:07.0203 1636	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:50:07.0312 1636	NetBT - ok
16:50:07.0484 1636	NETw5x32        (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
16:50:07.0765 1636	NETw5x32 - ok
16:50:07.0828 1636	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:50:07.0921 1636	NIC1394 - ok
16:50:07.0984 1636	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:50:08.0140 1636	Npfs - ok
16:50:08.0171 1636	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:50:08.0312 1636	Ntfs - ok
16:50:08.0375 1636	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:50:08.0484 1636	Null - ok
16:50:08.0531 1636	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:50:08.0640 1636	NwlnkFlt - ok
16:50:08.0687 1636	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:50:08.0796 1636	NwlnkFwd - ok
16:50:08.0843 1636	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:50:08.0953 1636	ohci1394 - ok
16:50:09.0000 1636	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:50:09.0140 1636	Parport - ok
16:50:09.0171 1636	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:50:09.0296 1636	PartMgr - ok
16:50:09.0343 1636	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:50:09.0484 1636	ParVdm - ok
16:50:09.0500 1636	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:50:09.0625 1636	PCI - ok
16:50:09.0640 1636	PCIDump - ok
16:50:09.0656 1636	PCIIde - ok
16:50:09.0687 1636	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:50:09.0796 1636	Pcmcia - ok
16:50:09.0812 1636	PDCOMP - ok
16:50:09.0828 1636	PDFRAME - ok
16:50:09.0828 1636	PDRELI - ok
16:50:09.0843 1636	PDRFRAME - ok
16:50:09.0859 1636	perc2 - ok
16:50:09.0875 1636	perc2hib - ok
16:50:09.0937 1636	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:50:10.0031 1636	PptpMiniport - ok
16:50:10.0062 1636	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:50:10.0156 1636	PSched - ok
16:50:10.0187 1636	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:50:10.0296 1636	Ptilink - ok
16:50:10.0312 1636	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:50:10.0328 1636	PxHelp20 - ok
16:50:10.0359 1636	ql1080 - ok
16:50:10.0390 1636	Ql10wnt - ok
16:50:10.0406 1636	ql12160 - ok
16:50:10.0421 1636	ql1240 - ok
16:50:10.0421 1636	ql1280 - ok
16:50:10.0453 1636	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:50:10.0562 1636	RasAcd - ok
16:50:10.0656 1636	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:50:10.0750 1636	Rasl2tp - ok
16:50:10.0781 1636	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:50:10.0875 1636	RasPppoe - ok
16:50:10.0890 1636	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:50:11.0000 1636	Raspti - ok
16:50:11.0031 1636	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:50:11.0125 1636	Rdbss - ok
16:50:11.0171 1636	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:50:11.0265 1636	RDPCDD - ok
16:50:11.0312 1636	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:50:11.0421 1636	rdpdr - ok
16:50:11.0468 1636	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:50:11.0500 1636	RDPWD - ok
16:50:11.0546 1636	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:50:11.0640 1636	redbook - ok
16:50:11.0703 1636	rimsptsk        (f2993908be03181c781228daadc55230) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
16:50:11.0750 1636	rimsptsk - ok
16:50:11.0828 1636	RimUsb          (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
16:50:11.0875 1636	RimUsb - ok
16:50:11.0906 1636	risdptsk        (cd6e3947724b337f9bc1524b710231eb) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
16:50:11.0937 1636	risdptsk - ok
16:50:12.0015 1636	s24trans        (2bc0b847cbcfe62a79b18ce0b440334d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
16:50:12.0062 1636	s24trans - ok
16:50:12.0140 1636	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:50:12.0343 1636	Secdrv - ok
16:50:12.0421 1636	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:50:12.0531 1636	Serial - ok
16:50:12.0562 1636	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:50:12.0671 1636	Sfloppy - ok
16:50:12.0718 1636	shpf            (fd165f1309e8da2a969fbbb16635e459) C:\WINDOWS\system32\DRIVERS\shpf.sys
16:50:12.0718 1636	shpf - ok
16:50:12.0750 1636	Simbad - ok
16:50:12.0781 1636	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:50:12.0875 1636	SLIP - ok
16:50:12.0921 1636	SNC             (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
16:50:12.0953 1636	SNC - ok
16:50:12.0984 1636	Sparrow - ok
16:50:13.0031 1636	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:50:13.0125 1636	splitter - ok
16:50:13.0156 1636	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:50:13.0265 1636	sr - ok
16:50:13.0312 1636	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:50:13.0390 1636	Srv - ok
16:50:13.0453 1636	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:50:13.0468 1636	ssmdrv - ok
16:50:13.0484 1636	SSPORT - ok
16:50:13.0531 1636	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:50:13.0671 1636	streamip - ok
16:50:13.0703 1636	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:50:13.0828 1636	swenum - ok
16:50:13.0859 1636	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:50:14.0000 1636	swmidi - ok
16:50:14.0046 1636	symc810 - ok
16:50:14.0078 1636	symc8xx - ok
16:50:14.0093 1636	sym_hi - ok
16:50:14.0125 1636	sym_u3 - ok
16:50:14.0187 1636	SynTP           (e63c8d007005465d5d393d1a29dac97e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:50:14.0234 1636	SynTP - ok
16:50:14.0296 1636	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:50:14.0390 1636	sysaudio - ok
16:50:14.0453 1636	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:50:14.0531 1636	Tcpip - ok
16:50:14.0593 1636	TcUsb           (72b9e77565da5fa564581976e000d29b) C:\WINDOWS\system32\Drivers\tcusb.sys
16:50:14.0625 1636	TcUsb - ok
16:50:14.0656 1636	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:50:14.0812 1636	TDPIPE - ok
16:50:14.0875 1636	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:50:14.0984 1636	TDTCP - ok
16:50:15.0015 1636	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:50:15.0109 1636	TermDD - ok
16:50:15.0156 1636	TosIde - ok
16:50:15.0187 1636	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:50:15.0281 1636	Udfs - ok
16:50:15.0312 1636	ultra - ok
16:50:15.0359 1636	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:50:15.0484 1636	Update - ok
16:50:15.0546 1636	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:50:15.0578 1636	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
16:50:15.0578 1636	USBAAPL - detected UnsignedFile.Multi.Generic (1)
16:50:15.0640 1636	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:50:15.0734 1636	usbccgp - ok
16:50:15.0765 1636	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:50:15.0859 1636	usbehci - ok
16:50:15.0906 1636	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:50:16.0000 1636	usbhub - ok
16:50:16.0046 1636	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:50:16.0125 1636	usbprint - ok
16:50:16.0203 1636	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:50:16.0296 1636	usbscan - ok
16:50:16.0328 1636	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:50:16.0437 1636	usbstor - ok
16:50:16.0468 1636	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:50:16.0562 1636	usbuhci - ok
16:50:16.0593 1636	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:50:16.0703 1636	VgaSave - ok
16:50:16.0718 1636	ViaIde - ok
16:50:16.0750 1636	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:50:16.0843 1636	VolSnap - ok
16:50:16.0906 1636	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:50:16.0984 1636	Wanarp - ok
16:50:17.0031 1636	wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:50:17.0078 1636	wanatw - ok
16:50:17.0093 1636	WDICA - ok
16:50:17.0140 1636	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:50:17.0234 1636	wdmaud - ok
16:50:17.0296 1636	winachsf        (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:50:17.0343 1636	winachsf - ok
16:50:17.0468 1636	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:50:17.0578 1636	WSTCODEC - ok
16:50:17.0640 1636	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:50:17.0703 1636	WudfPf - ok
16:50:17.0750 1636	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:50:17.0796 1636	WudfRd - ok
16:50:17.0859 1636	yukonwxp        (175e7dbc9db42113decdeb566cc4c098) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
16:50:17.0937 1636	yukonwxp - ok
16:50:18.0000 1636	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:50:18.0281 1636	\Device\Harddisk0\DR0 - ok
16:50:18.0281 1636	Boot (0x1200)   (1da4558f1b8f420afc5d304789ed3818) \Device\Harddisk0\DR0\Partition0
16:50:18.0281 1636	\Device\Harddisk0\DR0\Partition0 - ok
16:50:18.0296 1636	============================================================
16:50:18.0296 1636	Scan finished
16:50:18.0296 1636	============================================================
16:50:18.0421 2596	Detected object count: 3
16:50:18.0421 2596	Actual detected object count: 3
16:50:47.0796 2596	MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:47.0796 2596	MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:50:47.0812 2596	MemAlloc ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:47.0812 2596	MemAlloc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:50:47.0828 2596	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
16:50:47.0828 2596	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

04.12.2011, 18:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

07.12.2011, 19:02   #13
Fratze666
 



A few days late, sorry.
Here is the log from ComboFix:

Code:
ComboFix 11-12-04.04 - *** 05.12.2011  11:36:55.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.3069.2356 [GMT 1:00]
ausgeführt von:: c:\documents and settings\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\windows\iun6002.exe
c:\windows\kb835221.exe
c:\windows\setup.exe
c:\windows\stepbystepinteractivetraining-kb923723-x86-enu.exe
c:\windows\system32\components
c:\windows\system32\components\AcroFF.txt
c:\windows\system32\Thumbs.db
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsmedia6-kb925398-x86-enu.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-05 bis 2011-12-05  ))))))))))))))))))))))))))))))
.
.
2011-12-02 20:15 . 2011-12-02 20:15	--------	d-----w-	C:\_OTL
2011-11-30 22:14 . 2011-11-30 22:14	--------	d-----w-	c:\program files\ESET
2011-11-22 19:37 . 2011-11-22 19:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-11-10 22:39 . 2011-11-10 22:39	--------	d-----w-	c:\program files\iPod
2011-11-10 22:39 . 2011-11-10 22:39	--------	d-----w-	c:\program files\iTunes
2011-11-10 22:35 . 2011-11-10 22:35	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-10 14:22 . 2008-07-29 09:53	692736	------w-	c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-07-29 09:43	599040	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 17:59	611328	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-07-29 09:43	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2008-07-29 09:43	20480	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2008-07-29 09:43	1858944	------w-	c:\windows\system32\win32k.sys
1998-02-10 16:34 . 2009-07-27 17:11	128000	----a-w-	c:\program files\UNWISE.EXE
2010-01-20 15:25 . 2010-01-20 15:25	28488	----a-w-	c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-20 15:25 . 2010-01-20 15:25	185240	----a-w-	c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-20 15:25 . 2010-01-20 15:25	46408	----a-w-	c:\program files\mozilla firefox\plugins\atmccli.dll
2008-08-16 16:42 . 2008-08-16 16:42	13112	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42	70456	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42	91448	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42	20800	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43	206136	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42	31032	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42	40248	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2010-01-20 15:25 . 2010-01-20 15:25	99224	----a-w-	c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2008-05-21 07:41 . 2008-05-21 07:41	479232	----a-w-	c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41	548864	----a-w-	c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41	626688	----a-w-	c:\program files\mozilla firefox\plugins\msvcr80.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-06-05 12:58 . 2008-06-05 12:58	648504	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42	23864	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-03 20:10	2957312	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-03 20:10	2957312	----a-w-	c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-14 1032192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-23 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 141848]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2008-03-26 217088]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-05-15 534368]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-05-14 503808]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-03 17248]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-23 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-23 98656]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-06-11 503808]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-03-25 19:53	73728	------w-	c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^***^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\***\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06	40048	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 13:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-27 17:44	50528	----a-w-	c:\program files\AOL 9.1\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34	41824	----a-w-	c:\program files\Common Files\aol\1231712899\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 17:06	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-04-03 19:36	48904	----a-w-	c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1231712899\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Documents and Settings\\***\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [29.07.2008 11:10 22560]
R1 MemAlloc;MemAlloc;c:\windows\system32\drivers\MemAlloc.sys [03.06.2009 20:11 5543]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22.06.2009 16:19 136360]
R3 5U875UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U875.sys [29.07.2008 11:30 71296]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [29.07.2008 10:44 41216]
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;c:\windows\system32\DRIVERS\lstone2k.sys --> c:\windows\system32\DRIVERS\lstone2k.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2008-11-11 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
2008-11-11 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
2008-11-11 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-29 12:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
AddRemove-Memory Stick Icon1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-05 11:43
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(7628)
c:\windows\system32\WININET.dll
c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Protector Suite QL\farchns.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-05  11:47:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-05 10:47
.
Vor Suchlauf: 6.944.583.680 bytes free
Nach Suchlauf: 6.760.984.576 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 3B41F130833D23C90308DB62A871D02F
         

Alt 07.12.2011, 20:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses to run on the second try as well, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

__________________
Please always post logfiles in CODE tags

Alt 12.12.2011, 04:37   #15
Fratze666
 



Hello, I was away the whole weekend, so I am only getting around to replying now.
Here are the GMER and OSAM logs for now; I don't have the aswMBR log yet, but I will post it as soon as possible.

Which entries need to be deactivated in OSAM?
...can that already be said now, or does that also require the aswMBR evaluation?


GMER logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-09 19:28:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: 16q0ilpe.exe; Driver: C:\DOCUME~1\***\LOCALS~1\Temp\kwlcqaow.sys


---- System - GMER 1.0.15 ----

SSDT            9E8AC6CC                                                                                                                                                                                  ZwClose
SSDT            9E8AC686                                                                                                                                                                                  ZwCreateKey
SSDT            9E8AC6D6                                                                                                                                                                                  ZwCreateSection
SSDT            9E8AC67C                                                                                                                                                                                  ZwCreateThread
SSDT            9E8AC68B                                                                                                                                                                                  ZwDeleteKey
SSDT            9E8AC695                                                                                                                                                                                  ZwDeleteValueKey
SSDT            9E8AC6C7                                                                                                                                                                                  ZwDuplicateObject
SSDT            9E8AC69A                                                                                                                                                                                  ZwLoadKey
SSDT            9E8AC668                                                                                                                                                                                  ZwOpenProcess
SSDT            9E8AC66D                                                                                                                                                                                  ZwOpenThread
SSDT            9E8AC6A4                                                                                                                                                                                  ZwReplaceKey
SSDT            9E8AC69F                                                                                                                                                                                  ZwRestoreKey
SSDT            9E8AC6DB                                                                                                                                                                                  ZwSetContextThread
SSDT            9E8AC690                                                                                                                                                                                  ZwSetValueKey
SSDT            9E8AC677                                                                                                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                                                                                  section is writeable [0xB7A5D000, 0x188AF6, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[3192] kernel32.dll!CreateProcessW                                                                                                                                 7C802336 5 Bytes  JMP 51981D1D C:\PROGRA~1\DVDIDL~1\DVDShell.dll (DVDIdle Pro Shell Module/Fengtao Software Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                                                                   [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                      [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                                                                     [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                                                                     [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                                                                       [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                                                                       [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                        [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                       [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                                                                      [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                                                                      [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                         [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                                                                      [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                                                                        [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                                                                        [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                                                     [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                                                                       [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                        [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                                                                       [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                        [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                                                                       [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                       [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                                                                    [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                                                                    [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                                                                      [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                                                                      [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                                                                       [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                        [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                       [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                                                                      [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                       [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                                      [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                                                                      [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                                                                    [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                                                                    [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                                                        [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                                                                        [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                                                                      [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                                                                      [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                         [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA]                                                                        [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                         [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                                                                     [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                      [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                                                                     [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW]                                                                      [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA]                                                                    [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA]                                                                      [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[324] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                                       [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                                                   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                                                   SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device                                                                                                                                                                                                    mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\All Users\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook  1
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                                        0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                                        0x6A 0x9C 0xD6 0x61 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                                        0x25 0xDA 0xEC 0x7E ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                                        0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                                        0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                                        0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                                        0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                                        0xAA 0x52 0xC6 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                                        0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                                        0xB1 0xCD 0x45 0x5A ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                                        0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                                         
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                                          Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                                        C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                                        0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
         
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:47:21 on 09.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"ssmgr.cpl" - "Samsung" - C:\WINDOWS\system32\ssmgr.cpl
"VCCenter.cpl" - "Sony Corporation" - C:\WINDOWS\system32\VCCenter.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ContentDirectory" - "Microsoft Corporation" - c:\program files\windows media connect\mswmccpl.dll
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"VAIO Recovery Wizard" - "Sony Electronics, Inc" - C:\WINDOWS\Sonysys\VAIO Recovery\Recoveryapplet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DgiVecp" (DgiVecp) - ? - C:\WINDOWS\system32\Drivers\DgiVecp.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kwlcqaow" (kwlcqaow) - ? - C:\DOCUME~1\***\LOCALS~1\Temp\kwlcqaow.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MemAlloc" (MemAlloc) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\memalloc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Pinnacle Marvin Bus" (MarvinBus) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\DRIVERS\MarvinBus.sys
"Pinnacle Systems Studio AV/DV Overlay" (LStone) - ? - C:\WINDOWS\System32\DRIVERS\lstone2k.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\WINDOWS\System32\DRIVERS\shpf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - ? - C:\WINDOWS\system32\Drivers\SSPORT.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{93994DE8-8239-4655-B1D1-5F4E91300429} "DVDIdleShell Class" - "Fengtao Software Inc." - C:\PROGRA~1\DVDIDL~1\DVDShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "My Bluetooth Places" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://www.fotokasten.de/javaapplet/ImageUploader5.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{6F750203-1362-4815-A476-88533DE61D0C} "Kodak Gallery Easy Upload Manager Class" - "KODAK EASYSHARE Gallery" - C:\WINDOWS\Downloaded Program Files\axofupld.dll / hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "AcroIEToolbarHelper Class" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\***\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"3170 Scan2PC" - ? - "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CJIMETIPSYNC" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
"imekrmig7.0" - "Microsoft Corporation" - "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
"IMJPMIG9.0" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
"IMSCMig" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
"IntelWireless" - "Intel(R) Corporation" - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"IntelZeroConfig" - "Intel(R) Corporation" - "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"PHIMETIPSYNC" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
"SonyPowerCfg" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Switcher.exe" - "Sony Corporation" - "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
"VAIO Recovery" - "Sony Electronics Inc" - C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
"VMSwitch" - "Sony Corporation" - "C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
"IntelNetProvCredMan" - "Intel(R) Corporation" - C:\WINDOWS\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Bluetooth Printer Port" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel® PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Media Connect (WMC)" (WmcCds) - "Microsoft Corporation" - c:\program files\windows media connect\mswmccds.exe
"Windows Media Connect (WMC) Helper" (WmcCdsLs) - "Microsoft Corporation" - C:\Program Files\Windows Media Connect\mswmcls.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\WINDOWS\system32\VESWinlogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
