Hallo zusammen,

ich bräuchte mal Eure Hilfe.
Ich habe mir auch einen Trojaner eingefangen.
Nach dem start von Windows XP kommt direkt die Meldung
>>Pc wird blockiert: Aus Sicherheitsgründen wurde ihr Windows System blockiert..... <<
Habe hier gelesen das es sich um einen hartnäckigen Trojaner handelt.

Habe OTL-Files erstellt.
Allerdings hat OTL mir beim zweiten mal wie ich Euer benutzerdefiniertes Script eingefügt habe keine extra.txt erzeugt, deshalb die vom ersten mal.

Die Dateien sind im abgesicherten Modus des "verseuchten" Kontos erstellt worden.

OTL:

OTL logfile created on: 22.12.2011 23:06:22 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Andreas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 88,62% Memory free
5,09 Gb Paging File | 4,97 Gb Available in Paging File | 97,55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 86,89 Gb Free Space | 44,49% Space Free | Partition Type: NTFS
Drive D: | 503,33 Gb Total Space | 393,11 Gb Free Space | 78,10% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 208,22 Gb Free Space | 29,80% Space Free | Partition Type: NTFS

Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.22 22:05:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011.06.06 11:55:32 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.11.08 16:15:40 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010.07.07 23:52:44 | 000,555,624 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () [Auto | Stopped] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.22 19:36:30 | 001,868,288 | ---- | M] (Bdrive Inc.) [Auto | Stopped] -- C:\Programme\MacroData Inc\NetDrive\ndsvc.exe -- (ndsvc)
SRV - [2011.03.15 13:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.02.24 19:55:34 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.01.12 17:35:12 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.12.19 20:10:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.11.23 08:23:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Stopped] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.12.08 19:42:33 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.10.07 08:25:14 | 000,047,680 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Programme\MacroData Inc\NetDrive\NDFS.sys -- (ndfs)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.10 13:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010.04.27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010.04.27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010.04.27 15:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010.04.27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010.04.27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010.03.18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010.03.18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010.03.18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010.03.18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010.03.18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010.03.18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010.03.18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010.03.18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010.03.18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010.03.18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010.03.18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010.03.18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010.03.18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010.03.18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010.03.18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010.03.18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010.03.18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010.03.18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.22 23:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.09.08 17:26:22 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.06.25 17:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.04.12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007.04.12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007.04.12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007.04.12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007.04.12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007.04.12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007.04.12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.09 12:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 12:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2001.08.17 14:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.croco-puzzle.com/Ostern2011/start.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.geocaching.com/my/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:2.0.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Programme\Mozilla Firefox 4.0 Beta 9\components [2011.11.11 10:30:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.11 10:30:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.11.11 10:30:58 | 000,000,000 | ---D | M]

[2010.11.18 22:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions
[2011.12.17 21:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions
[2011.08.26 07:40:00 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.01.09 22:31:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.11 07:31:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.13 01:28:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.17 21:20:54 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions\piclens@cooliris.com
[2011.02.17 12:48:38 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions\tineye@ideeinc.com
[2011.12.16 08:37:45 | 000,000,000 | ---D | M] (Echofon) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\extensions\twitternotifier@naan.net
[2010.11.23 07:55:01 | 000,011,048 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\searchplugins\geocachingcom-suche.xml
[2011.11.08 21:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\4F3FNXR9.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\4F3FNXR9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\4F3FNXR9.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.11.08 21:46:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 18:54:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 18:54:59 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.03 18:54:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.10.03 18:54:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 18:54:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 18:54:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alle meine Passworte] E:\Daten_2010\AmP.exe (Mirko Böer)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Netdrive] C:\Programme\MacroData Inc\NetDrive\netdrive.exe (Bdrive Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [opera.exe] C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Opera\Opera\opera.exe ()
O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [SchlagerhoellenplayerTimer] C:\Programme\Schlagerhoellen-Player\phonostarTimer.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A31BC1-63B8-415C-AF08-6BC8C8D01112}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.18 21:35:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.03.18 17:57:07 | 000,000,000 | ---D | M] - E:\AutoClip -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.12.22 22:31:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2011.12.22 21:38:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Opera
[2011.12.17 21:20:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Desktop\sonstiges
[2011.12.16 10:10:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2011.12.16 10:10:04 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.12.16 10:10:01 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.12.07 21:09:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\CyberMistress
[2011.12.07 21:09:53 | 000,000,000 | ---D | C] -- C:\Programme\CyberMistress
[2010.03.18 19:18:32 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2010.03.18 18:59:50 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.22 23:04:34 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable
[2011.12.22 23:01:26 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Defogger.exe
[2011.12.22 22:25:23 | 000,477,286 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.22 22:25:23 | 000,435,742 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.22 22:25:23 | 000,091,402 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.22 22:25:23 | 000,068,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.22 22:21:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.22 22:08:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.22 22:05:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2011.12.22 22:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.12.22 21:48:53 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.22 21:48:52 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2011.12.19 16:31:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.18 15:51:42 | 000,031,043 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\BILDER_KALENDER2012.xml
[2011.12.16 09:46:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.12.16 08:09:48 | 001,554,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.14 22:36:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.09 07:25:33 | 000,100,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.08 19:42:33 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.01 22:34:49 | 000,000,120 | ---- | M] () -- C:\tw0001.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.22 23:04:34 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable
[2011.12.22 23:01:26 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Defogger.exe
[2011.12.18 15:51:41 | 000,031,043 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\BILDER_KALENDER2012.xml
[2011.08.16 10:14:02 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\ChilkatCsv.dll
[2011.07.24 00:50:06 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.05.31 19:09:30 | 000,000,213 | ---- | C] () -- C:\WINDOWS\PCWGXDRV.INI
[2011.05.31 19:09:30 | 000,000,020 | ---- | C] () -- C:\WINDOWS\LOGINPUT.INI
[2011.03.16 11:52:33 | 002,648,064 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2011.01.25 23:54:41 | 000,192,264 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.01.02 22:30:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.01.01 19:37:53 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.11.24 01:23:23 | 000,006,312 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2010.11.24 01:23:23 | 000,001,424 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2010.11.22 22:23:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.20 10:20:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4B.DLL
[2010.11.19 13:45:52 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010.11.19 10:46:30 | 000,055,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.11.18 23:53:18 | 000,100,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.18 22:40:44 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.11.18 22:40:18 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.11.18 22:40:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.11.18 22:24:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.11.18 21:56:57 | 000,038,373 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010.11.18 21:56:41 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.11.18 21:56:27 | 000,038,013 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.11.18 21:56:26 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.11.18 21:36:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.11.18 21:33:53 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.11.18 21:26:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.18 21:25:27 | 001,554,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.10 05:38:00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.03.18 19:59:54 | 000,050,439 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010.03.18 19:59:50 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.03.18 19:19:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2010.03.18 19:17:50 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2010.03.18 19:07:54 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2010.03.18 19:07:54 | 000,051,787 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010.03.18 19:03:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2010.03.18 19:02:14 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2010.03.18 19:00:42 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2010.03.18 19:00:28 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2010.03.18 19:00:28 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2010.03.18 18:59:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010.03.18 18:59:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010.03.18 18:59:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009.07.08 15:10:56 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2008.09.08 17:26:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\Spyder3.sys
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,477,286 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 13:00:00 | 000,435,742 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,091,402 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 13:00:00 | 000,068,638 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.08.13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll

========== LOP Check ==========

[2010.11.19 19:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2011.02.26 10:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery
[2011.04.06 22:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.01.01 19:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.20 10:20:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.10.02 22:04:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CwGet
[2010.11.19 17:56:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2011.10.11 18:12:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2010.12.31 12:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.12.31 12:40:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.11.19 10:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.12.31 12:36:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.09.11 09:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\.minecraft
[2010.11.19 19:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ACD Systems
[2011.12.09 15:50:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Azureus
[2011.04.06 22:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Babylon
[2011.01.01 19:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Canneverbe Limited
[2010.12.24 09:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Dropbox
[2011.12.07 19:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\EurekaLog
[2011.01.28 09:02:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\facemoods.com
[2011.01.19 10:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\FinalMediaPlayer
[2010.11.19 14:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Foxit Software
[2010.11.19 17:57:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\GARMIN
[2011.05.26 15:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\GeoSetter
[2010.11.19 17:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\GSAK
[2011.08.16 10:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\GSAK8
[2011.03.30 19:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\gtk-2.0
[2010.12.05 19:23:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Imagenomic
[2011.02.04 19:28:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\inkscape
[2011.01.06 14:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mopsos
[2011.01.18 10:34:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\NetDrive
[2011.02.02 20:09:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Notepad++
[2011.12.22 21:38:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Opera
[2011.03.16 11:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\phonostar GmbH
[2011.10.13 19:46:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Schnellstart-DVD
[2011.09.30 14:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Stellarium
[2011.02.26 15:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\tb-logger
[2010.12.30 13:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\TeamViewer
[2011.03.16 11:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Tobit
[2010.12.31 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\TuneUp Software
[2010.12.20 11:48:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\TuxPaint
[2010.11.19 13:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Windows Desktop Search
[2011.01.02 22:49:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Windows Search
[2011.12.22 21:48:52 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job
[2011.12.22 22:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.11.28 15:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.06.13 19:26:52 | 000,000,000 | ---D | M] -- C:\Garmin
[2011.12.19 19:41:48 | 000,000,000 | ---D | M] -- C:\GSAK
[2011.12.19 19:47:52 | 000,000,000 | ---D | M] -- C:\GSAK8
[2010.12.19 20:30:06 | 000,000,000 | ---D | M] -- C:\HELI-X30
[2010.11.18 21:57:17 | 000,000,000 | ---D | M] -- C:\Intel
[2010.12.11 00:02:18 | 000,000,000 | ---D | M] -- C:\MediaphorAG
[2010.11.19 09:48:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.16 10:10:04 | 000,000,000 | R--D | M] -- C:\Programme
[2010.12.11 09:38:53 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.11.18 21:41:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.23 21:13:18 | 000,000,000 | ---D | M] -- C:\WebUpdater
[2011.12.22 22:13:24 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]


< MD5 for: AFD.SYS >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IPSEC.SYS >
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

< MD5 for: REGEDIT.EXE >
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-14 21:37:14

< End of report >



Gruß Andreas

hi


achtung!

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKCU..\Run: [opera.exe] C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Opera\Opera\opera.exe ()
:Files
C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Opera\Opera\opera.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

öffne arbeitsplatz, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

Hallo,
ich habe das Script durchlaufen lassen.
Hier die log-Datei.


>>>

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\opera.exe deleted successfully.
C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Opera\Opera\opera.exe moved successfully.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Opera\Opera\opera.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Andreas
->Flash cache emptied: 244451 bytes

User: Default User
->Flash cache emptied: 56502 bytes

User: Kinder
->Flash cache emptied: 1468 bytes

User: LocalService

User: NetworkService

User: Svenja
->Flash cache emptied: 1496 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Andreas
->Temp folder emptied: 67328084 bytes
->Temporary Internet Files folder emptied: 140540447 bytes
->Java cache emptied: 9524050 bytes
->FireFox cache emptied: 609256525 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Kinder
->Temp folder emptied: 1807710 bytes
->Temporary Internet Files folder emptied: 502421 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 243844387 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 45472636 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 246685513 bytes

User: Svenja
->Temp folder emptied: 1026165 bytes
->Temporary Internet Files folder emptied: 34552454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46506569 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 3771271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1407900 bytes
RecycleBin emptied: 4361327190 bytes

Total Files Cleaned = 5.547,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12232011_114607

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

<<<<

ok dann weiter mit dem upload

MovedFiles im Upload bereich hochgeladen.

danke dir.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

• Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
  Tool
  
  Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  
• Hinweis:
  Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  
• Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Hallo,
hier die Log-Datei.

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-12-23.01 - Andreas 23.12.2011  13:53:40.1.4 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3327.2588 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Andreas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Andreas\Anwendungsdaten\EurekaLog
c:\dokumente und einstellungen\Andreas\Anwendungsdaten\EurekaLog\EurekaLog.ini
c:\dokumente und einstellungen\Andreas\Anwendungsdaten\facemoods.com
c:\dokumente und einstellungen\Andreas\Eigene Dateien\ZDL30665.TMP
c:\dokumente und einstellungen\Kinder\Anwendungsdaten\facemoods.com
c:\dokumente und einstellungen\Svenja\Anwendungsdaten\facemoods.com
C:\index.htm
c:\programme\facemoods.com
c:\programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\programme\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\programme\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\programme\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\programme\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\programme\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\programme\facemoods.com\facemoods\1.4.17.3\faCEmoodstlbr.dll
c:\programme\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-23 bis 2011-12-23  ))))))))))))))))))))))))))))))
.
.
2011-12-23 10:46 . 2011-12-23 10:59	--------	d-----w-	C:\_OTL
2011-12-22 20:50 . 2011-12-22 20:50	--------	d-sh--w-	c:\dokumente und einstellungen\Kinder\PrivacIE
2011-12-22 20:50 . 2011-12-22 21:05	--------	d-----w-	c:\dokumente und einstellungen\Kinder\Lokale Einstellungen\Anwendungsdaten\AskToolbar
2011-12-16 09:10 . 2011-12-16 09:10	--------	d-----w-	c:\programme\iPod
2011-12-16 09:10 . 2011-12-16 09:10	--------	d-----w-	c:\programme\iTunes
2011-12-07 20:09 . 2006-11-27 02:42	608448	----a-w-	c:\windows\system32\ComCtl32.ocx
2011-12-07 20:09 . 2006-05-13 10:53	108336	----a-w-	c:\windows\system32\mswinsck.ocx
2011-12-07 20:09 . 1998-06-24 00:00	209192	----a-w-	c:\windows\system32\tabctl32.ocx
2011-12-07 20:09 . 1998-06-24 00:00	203576	----a-w-	c:\windows\system32\RICHTX32.OCX
2011-12-07 20:09 . 2011-12-16 13:44	--------	d-----w-	c:\programme\CyberMistress
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 18:42 . 2011-10-16 09:21	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-28 17:11 . 2011-08-14 12:11	664	----a-w-	c:\dokumente und einstellungen\Kinder\Lokale Einstellungen\Anwendungsdaten\d3d9caps.tmp
2011-11-23 14:40 . 2008-04-14 12:00	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2008-04-14 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-04-14 12:00	385024	----a-w-	c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:00	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 12:00	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2008-04-14 07:30	2029568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2008-04-14 12:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-10-11 13:00 . 2011-10-16 09:21	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-16 09:21	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-10 14:22 . 2010-11-18 20:34	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-10-10 05:23 . 2011-05-14 07:13	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2008-04-14 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-04-14 12:00	23040	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2007-10-09 12:03	614912	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2008-04-14 12:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-11-08 20:46 . 2011-05-06 22:04	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44	1400712	----a-w-	c:\programme\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchlagerhoellenplayerTimer"="c:\programme\Schlagerhoellen-Player\phonostarTimer.exe" [2010-11-23 39936]
"rfxsrvtray"="d:\tobit radio.fx\Client\rfx-tray.exe" [2011-07-28 1851224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"Alle meine Passworte"="e:\da2b84~1\AMP.EXE" [2010-02-22 3676672]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Netdrive"="c:\programme\MacroData Inc\NetDrive\netdrive.exe" [2011-03-22 2557952]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064]
"PMBVolumeWatcher"="c:\programme\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Start WingMan Profiler"="c:\programme\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Spyder3Utility.lnk - c:\programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programme\\MacroData Inc\\NetDrive\\ndsvc.exe"=
"c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\devolo\\dlan\\devolonetsvc.exe"=
"d:\\Tobit Radio.fx\\Server\\rfx-server.exe"=
"d:\\Tobit Radio.fx\\Client\\rfx-client.exe"=
"c:\\Programme\\Vuze\\Azureus.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\gamigo\\levelR\\LevelR.bin"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16.10.2011 10:21 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.10.2011 10:21 86224]
R2 DevoloNetworkService;devolo Network Service;c:\programme\devolo\dlan\devolonetsvc.exe [19.07.2010 19:57 2231616]
R2 ndsvc;NetDrive Service;c:\programme\MacroData Inc\NetDrive\ndsvc.exe [22.03.2011 19:36 1868288]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [10.06.2010 13:32 35840]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\programme\Sony\PMB\PMBDeviceInfoProvider.exe [15.03.2011 13:44 428384]
R2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [16.03.2011 11:52 3673944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12.01.2011 17:35 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24.02.2010 13:41 10064]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [25.11.2010 01:25 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.11.2010 13:46 1684736]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18.03.2010 20:39 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18.03.2010 20:39 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe [19.12.2010 20:10 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18.03.2010 20:39 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18.03.2010 20:39 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18.03.2010 20:39 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18.03.2010 20:39 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18.03.2010 20:39 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18.03.2010 20:39 566360]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [25.11.2010 01:25 136176]
S3 ndfs;ndfs;c:\programme\MacroData Inc\NetDrive\NDFS.sys [07.10.2010 08:25 47680]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [08.09.2008 17:26 12288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2011-12-23 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-01-18 10:25]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-11-25 00:25]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-11-25 00:25]
.
2011-12-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.croco-puzzle.com/Ostern2011/start.php
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\4f3fnxr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.geocaching.com/my/
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
AddRemove-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.3\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-23 13:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE? 
  CTHelper = CTHELPER.EXE? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD753LJ rev.1AA01113 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2011-12-23  13:58:48
ComboFix-quarantined-files.txt  2011-12-23 12:58
.
Vor Suchlauf: 12 Verzeichnis(se), 96.119.386.112 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 96.388.018.176 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0C318BC07357F0777C1881E1205B7351
         

--- --- ---

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
lösche niths, nur log posten

Hallo
und hier die Logdaten vom TDSS-Killer

17:05:44.0765 4536 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:05:44.0843 4536 ============================================================
17:05:44.0843 4536 Current date / time: 2011/12/23 17:05:44.0843
17:05:44.0843 4536 SystemInfo:
17:05:44.0843 4536
17:05:44.0843 4536 OS Version: 5.1.2600 ServicePack: 3.0
17:05:44.0843 4536 Product type: Workstation
17:05:44.0843 4536 ComputerName: ANDREAS-PC
17:05:44.0843 4536 UserName: Andreas
17:05:44.0843 4536 Windows directory: C:\WINDOWS
17:05:44.0843 4536 System windows directory: C:\WINDOWS
17:05:44.0843 4536 Processor architecture: Intel x86
17:05:44.0843 4536 Number of processors: 4
17:05:44.0843 4536 Page size: 0x1000
17:05:44.0843 4536 Boot type: Normal boot
17:05:44.0843 4536 ============================================================
17:05:45.0734 4536 Initialize success
17:06:12.0234 4672 ============================================================
17:06:12.0234 4672 Scan started
17:06:12.0234 4672 Mode: Manual; SigCheck; TDLFS;
17:06:12.0234 4672 ============================================================
17:06:14.0187 4672 Abiosdsk - ok
17:06:14.0203 4672 abp480n5 - ok
17:06:14.0218 4672 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:06:14.0781 4672 ACPI - ok
17:06:14.0812 4672 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:06:14.0921 4672 ACPIEC - ok
17:06:14.0921 4672 adpu160m - ok
17:06:14.0953 4672 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:06:15.0062 4672 aec - ok
17:06:15.0093 4672 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:06:15.0140 4672 AFD - ok
17:06:15.0140 4672 Aha154x - ok
17:06:15.0156 4672 aic78u2 - ok
17:06:15.0156 4672 aic78xx - ok
17:06:15.0171 4672 AliIde - ok
17:06:15.0218 4672 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:06:15.0328 4672 Ambfilt - ok
17:06:15.0343 4672 amsint - ok
17:06:15.0359 4672 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:06:15.0468 4672 Arp1394 - ok
17:06:15.0484 4672 asc - ok
17:06:15.0484 4672 asc3350p - ok
17:06:15.0484 4672 asc3550 - ok
17:06:15.0515 4672 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:06:15.0593 4672 AsyncMac - ok
17:06:15.0609 4672 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:06:15.0671 4672 atapi - ok
17:06:15.0687 4672 Atdisk - ok
17:06:15.0703 4672 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:06:15.0781 4672 Atmarpc - ok
17:06:15.0812 4672 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:06:15.0906 4672 audstub - ok
17:06:15.0906 4672 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:06:15.0953 4672 avgntflt - ok
17:06:15.0984 4672 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:06:16.0031 4672 avipbb - ok
17:06:16.0062 4672 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:06:16.0109 4672 avkmgr - ok
17:06:16.0140 4672 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:06:16.0218 4672 Beep - ok
17:06:16.0328 4672 catchme - ok
17:06:16.0359 4672 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:06:16.0453 4672 cbidf2k - ok
17:06:16.0453 4672 cd20xrnt - ok
17:06:16.0484 4672 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:06:16.0578 4672 Cdaudio - ok
17:06:16.0593 4672 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:06:16.0656 4672 Cdfs - ok
17:06:16.0703 4672 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:06:16.0765 4672 Cdrom - ok
17:06:16.0781 4672 Changer - ok
17:06:16.0796 4672 CmdIde - ok
17:06:16.0812 4672 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
17:06:16.0828 4672 COMMONFX - ok
17:06:16.0828 4672 COMMONFX.DLL - ok
17:06:16.0843 4672 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
17:06:16.0843 4672 COMMONFX.SYS - ok
17:06:16.0859 4672 Cpqarray - ok
17:06:16.0875 4672 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
17:06:16.0906 4672 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - warning
17:06:16.0906 4672 CT20XUT.DLL - detected UnsignedFile.Multi.Generic (1)
17:06:16.0937 4672 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
17:06:16.0968 4672 ctac32k - ok
17:06:17.0000 4672 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
17:06:17.0031 4672 ctaud2k - ok
17:06:17.0062 4672 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
17:06:17.0093 4672 CTAUDFX - ok
17:06:17.0109 4672 CTAUDFX.DLL - ok
17:06:17.0125 4672 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
17:06:17.0125 4672 CTAUDFX.SYS - ok
17:06:17.0156 4672 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:06:17.0234 4672 ctdvda2k - ok
17:06:17.0265 4672 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
17:06:17.0296 4672 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - warning
17:06:17.0296 4672 CTEAPSFX.DLL - detected UnsignedFile.Multi.Generic (1)
17:06:17.0312 4672 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
17:06:17.0359 4672 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - warning
17:06:17.0359 4672 CTEDSPFX.DLL - detected UnsignedFile.Multi.Generic (1)
17:06:17.0390 4672 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
17:06:17.0421 4672 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - warning
17:06:17.0421 4672 CTEDSPIO.DLL - detected UnsignedFile.Multi.Generic (1)
17:06:17.0437 4672 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
17:06:17.0484 4672 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - warning
17:06:17.0484 4672 CTEDSPSY.DLL - detected UnsignedFile.Multi.Generic (1)
17:06:17.0484 4672 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
17:06:17.0515 4672 CTERFXFX - ok
17:06:17.0515 4672 CTERFXFX.DLL - ok
17:06:17.0515 4672 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
17:06:17.0531 4672 CTERFXFX.SYS - ok
17:06:17.0562 4672 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
17:06:17.0640 4672 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - warning
17:06:17.0640 4672 CTEXFIFX.DLL - detected UnsignedFile.Multi.Generic (1)
17:06:17.0640 4672 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
17:06:17.0687 4672 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - warning
17:06:17.0687 4672 CTHWIUT.DLL - detected UnsignedFile.Multi.Generic (1)
17:06:17.0687 4672 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:06:17.0703 4672 ctprxy2k - ok
17:06:17.0734 4672 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
17:06:17.0765 4672 CTSBLFX - ok
17:06:17.0765 4672 CTSBLFX.DLL - ok
17:06:17.0781 4672 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
17:06:17.0812 4672 CTSBLFX.SYS - ok
17:06:17.0828 4672 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:06:17.0843 4672 ctsfm2k - ok
17:06:17.0859 4672 dac2w2k - ok
17:06:17.0859 4672 dac960nt - ok
17:06:17.0890 4672 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:06:17.0953 4672 Disk - ok
17:06:18.0000 4672 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:06:18.0109 4672 dmboot - ok
17:06:18.0125 4672 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:06:18.0203 4672 dmio - ok
17:06:18.0218 4672 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:06:18.0296 4672 dmload - ok
17:06:18.0343 4672 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:06:18.0421 4672 DMusic - ok
17:06:18.0437 4672 dpti2o - ok
17:06:18.0437 4672 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:06:18.0531 4672 drmkaud - ok
17:06:18.0546 4672 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
17:06:18.0578 4672 emupia - ok
17:06:18.0593 4672 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:06:18.0671 4672 Fastfat - ok
17:06:18.0687 4672 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:06:18.0765 4672 Fdc - ok
17:06:18.0781 4672 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:06:18.0859 4672 Fips - ok
17:06:18.0859 4672 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:06:18.0937 4672 Flpydisk - ok
17:06:18.0968 4672 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:06:19.0046 4672 FltMgr - ok
17:06:19.0062 4672 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:06:19.0140 4672 Fs_Rec - ok
17:06:19.0140 4672 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:06:19.0203 4672 Ftdisk - ok
17:06:19.0218 4672 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:06:19.0312 4672 gameenum - ok
17:06:19.0343 4672 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:06:19.0359 4672 GEARAspiWDM - ok
17:06:19.0375 4672 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:06:19.0453 4672 Gpc - ok
17:06:19.0468 4672 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
17:06:19.0515 4672 grmnusb - ok
17:06:19.0546 4672 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
17:06:19.0593 4672 ha10kx2k - ok
17:06:19.0609 4672 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
17:06:19.0640 4672 hap16v2k - ok
17:06:19.0671 4672 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
17:06:19.0703 4672 hap17v2k - ok
17:06:19.0734 4672 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:06:19.0828 4672 HDAudBus - ok
17:06:19.0859 4672 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:06:19.0953 4672 hidusb - ok
17:06:19.0968 4672 hpn - ok
17:06:20.0000 4672 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:06:20.0078 4672 HTTP - ok
17:06:20.0078 4672 i2omgmt - ok
17:06:20.0078 4672 i2omp - ok
17:06:20.0093 4672 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:06:20.0187 4672 i8042prt - ok
17:06:20.0203 4672 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:06:20.0281 4672 Imapi - ok
17:06:20.0296 4672 ini910u - ok
17:06:20.0406 4672 IntcAzAudAddService (0cacdcbbc8e6f11e2865c47bfc509848) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:06:20.0562 4672 IntcAzAudAddService - ok
17:06:20.0578 4672 IntelIde - ok
17:06:20.0578 4672 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:06:20.0656 4672 intelppm - ok
17:06:20.0687 4672 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:06:20.0781 4672 Ip6Fw - ok
17:06:20.0796 4672 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:06:20.0890 4672 IpFilterDriver - ok
17:06:20.0906 4672 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:06:20.0984 4672 IpInIp - ok
17:06:20.0984 4672 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:06:21.0078 4672 IpNat - ok
17:06:21.0078 4672 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:06:21.0171 4672 IPSec - ok
17:06:21.0203 4672 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:06:21.0250 4672 IRENUM - ok
17:06:21.0265 4672 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:06:21.0328 4672 isapnp - ok
17:06:21.0359 4672 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:06:21.0421 4672 Kbdclass - ok
17:06:21.0453 4672 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:06:21.0546 4672 kbdhid - ok
17:06:21.0578 4672 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:06:21.0656 4672 kmixer - ok
17:06:21.0671 4672 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:06:21.0718 4672 KSecDD - ok
17:06:21.0750 4672 L1e (93e64bab9dee162ca0ca5258d132a047) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
17:06:21.0796 4672 L1e - ok
17:06:21.0796 4672 lbrtfdc - ok
17:06:21.0828 4672 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:06:21.0906 4672 mnmdd - ok
17:06:21.0921 4672 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:06:22.0000 4672 Modem - ok
17:06:22.0046 4672 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
17:06:22.0125 4672 Monfilt - ok
17:06:22.0140 4672 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:06:22.0218 4672 Mouclass - ok
17:06:22.0250 4672 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:06:22.0343 4672 mouhid - ok
17:06:22.0343 4672 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:06:22.0421 4672 MountMgr - ok
17:06:22.0421 4672 mraid35x - ok
17:06:22.0437 4672 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:06:22.0531 4672 MRxDAV - ok
17:06:22.0562 4672 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:06:22.0593 4672 MRxSmb - ok
17:06:22.0625 4672 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:06:22.0687 4672 Msfs - ok
17:06:22.0718 4672 msgame (082a950191dde602bbea8ef4e5900251) C:\WINDOWS\system32\DRIVERS\msgame.sys
17:06:22.0812 4672 msgame - ok
17:06:22.0843 4672 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:06:22.0937 4672 MSKSSRV - ok
17:06:22.0953 4672 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:06:23.0031 4672 MSPCLOCK - ok
17:06:23.0046 4672 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:06:23.0140 4672 MSPQM - ok
17:06:23.0171 4672 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:06:23.0250 4672 mssmbios - ok
17:06:23.0281 4672 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:06:23.0328 4672 MTsensor - ok
17:06:23.0343 4672 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:06:23.0375 4672 Mup - ok
17:06:23.0437 4672 ndfs (b5b69ecec13a00588009e0c1040a86b0) C:\Programme\MacroData Inc\NetDrive\ndfs.sys
17:06:23.0468 4672 ndfs - ok
17:06:23.0484 4672 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:06:23.0546 4672 NDIS - ok
17:06:23.0578 4672 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:06:23.0609 4672 NdisTapi - ok
17:06:23.0640 4672 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:06:23.0718 4672 Ndisuio - ok
17:06:23.0734 4672 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:06:23.0812 4672 NdisWan - ok
17:06:23.0828 4672 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:06:23.0875 4672 NDProxy - ok
17:06:23.0890 4672 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:06:23.0953 4672 NetBIOS - ok
17:06:23.0968 4672 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:06:24.0062 4672 NetBT - ok
17:06:24.0093 4672 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:06:24.0171 4672 NIC1394 - ok
17:06:24.0187 4672 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:06:24.0250 4672 Npfs - ok
17:06:24.0265 4672 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys
17:06:24.0281 4672 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
17:06:24.0281 4672 NPF_devolo - detected UnsignedFile.Multi.Generic (1)
17:06:24.0312 4672 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:06:24.0390 4672 Ntfs - ok
17:06:24.0421 4672 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:06:24.0500 4672 Null - ok
17:06:24.0687 4672 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:06:25.0000 4672 nv - ok
17:06:25.0031 4672 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:06:25.0140 4672 NwlnkFlt - ok
17:06:25.0156 4672 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:06:25.0250 4672 NwlnkFwd - ok
17:06:25.0281 4672 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:06:25.0359 4672 ohci1394 - ok
17:06:25.0390 4672 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
17:06:25.0421 4672 ossrv - ok
17:06:25.0453 4672 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:06:25.0531 4672 Parport - ok
17:06:25.0531 4672 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:06:25.0609 4672 PartMgr - ok
17:06:25.0625 4672 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:06:25.0718 4672 ParVdm - ok
17:06:25.0718 4672 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:06:25.0796 4672 PCI - ok
17:06:25.0796 4672 PCIDump - ok
17:06:25.0812 4672 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:06:25.0875 4672 PCIIde - ok
17:06:25.0890 4672 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:06:25.0984 4672 Pcmcia - ok
17:06:26.0000 4672 PDCOMP - ok
17:06:26.0000 4672 PDFRAME - ok
17:06:26.0000 4672 PDRELI - ok
17:06:26.0015 4672 PDRFRAME - ok
17:06:26.0015 4672 perc2 - ok
17:06:26.0015 4672 perc2hib - ok
17:06:26.0046 4672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:06:26.0125 4672 PptpMiniport - ok
17:06:26.0156 4672 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
17:06:26.0218 4672 prodrv06 ( UnsignedFile.Multi.Generic ) - warning
17:06:26.0218 4672 prodrv06 - detected UnsignedFile.Multi.Generic (1)
17:06:26.0218 4672 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
17:06:26.0218 4672 prohlp02 ( UnsignedFile.Multi.Generic ) - warning
17:06:26.0218 4672 prohlp02 - detected UnsignedFile.Multi.Generic (1)
17:06:26.0234 4672 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
17:06:26.0234 4672 prosync1 ( UnsignedFile.Multi.Generic ) - warning
17:06:26.0234 4672 prosync1 - detected UnsignedFile.Multi.Generic (1)
17:06:26.0250 4672 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:06:26.0328 4672 PSched - ok
17:06:26.0343 4672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:06:26.0437 4672 Ptilink - ok
17:06:26.0453 4672 ql1080 - ok
17:06:26.0453 4672 Ql10wnt - ok
17:06:26.0453 4672 ql12160 - ok
17:06:26.0468 4672 ql1240 - ok
17:06:26.0468 4672 ql1280 - ok
17:06:26.0484 4672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:06:26.0578 4672 RasAcd - ok
17:06:26.0578 4672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:06:26.0671 4672 Rasl2tp - ok
17:06:26.0671 4672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:06:26.0765 4672 RasPppoe - ok
17:06:26.0765 4672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:06:26.0828 4672 Raspti - ok
17:06:26.0843 4672 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:06:26.0921 4672 Rdbss - ok
17:06:26.0921 4672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:06:27.0000 4672 RDPCDD - ok
17:06:27.0031 4672 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:06:27.0078 4672 RDPWD - ok
17:06:27.0109 4672 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:06:27.0187 4672 redbook - ok
17:06:27.0218 4672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:06:27.0281 4672 Secdrv - ok
17:06:27.0312 4672 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:06:27.0390 4672 serenum - ok
17:06:27.0390 4672 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
17:06:27.0484 4672 Serial - ok
17:06:27.0515 4672 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
17:06:27.0515 4672 sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
17:06:27.0515 4672 sfhlp01 - detected UnsignedFile.Multi.Generic (1)
17:06:27.0546 4672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:06:27.0625 4672 Sfloppy - ok
17:06:27.0640 4672 Simbad - ok
17:06:27.0640 4672 Sparrow - ok
17:06:27.0671 4672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:06:27.0750 4672 splitter - ok
17:06:27.0765 4672 Spyder3 (1c63fe706ab797bc3c24813ff969b4de) C:\WINDOWS\system32\DRIVERS\Spyder3.sys
17:06:27.0812 4672 Spyder3 - ok
17:06:27.0828 4672 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:06:27.0859 4672 sr - ok
17:06:27.0875 4672 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:06:27.0921 4672 Srv - ok
17:06:27.0937 4672 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:06:27.0968 4672 ssmdrv - ok
17:06:27.0984 4672 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
17:06:27.0984 4672 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:06:27.0984 4672 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:06:28.0000 4672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:06:28.0078 4672 swenum - ok
17:06:28.0093 4672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:06:28.0171 4672 swmidi - ok
17:06:28.0171 4672 symc810 - ok
17:06:28.0171 4672 symc8xx - ok
17:06:28.0187 4672 sym_hi - ok
17:06:28.0187 4672 sym_u3 - ok
17:06:28.0187 4672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:06:28.0281 4672 sysaudio - ok
17:06:28.0328 4672 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:06:28.0390 4672 Tcpip - ok
17:06:28.0421 4672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:06:28.0500 4672 TDPIPE - ok
17:06:28.0515 4672 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:06:28.0609 4672 TDTCP - ok
17:06:28.0609 4672 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:06:28.0703 4672 TermDD - ok
17:06:28.0703 4672 TosIde - ok
17:06:28.0796 4672 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
17:06:28.0796 4672 TuneUpUtilitiesDrv - ok
17:06:28.0828 4672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:06:28.0921 4672 Udfs - ok
17:06:28.0921 4672 ultra - ok
17:06:28.0953 4672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:06:29.0046 4672 Update - ok
17:06:29.0078 4672 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:06:29.0125 4672 USBAAPL - ok
17:06:29.0156 4672 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:06:29.0250 4672 usbehci - ok
17:06:29.0265 4672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:06:29.0359 4672 usbhub - ok
17:06:29.0390 4672 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:06:29.0468 4672 usbprint - ok
17:06:29.0484 4672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:06:29.0546 4672 usbscan - ok
17:06:29.0546 4672 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:06:29.0625 4672 usbstor - ok
17:06:29.0625 4672 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:06:29.0718 4672 usbuhci - ok
17:06:29.0750 4672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:06:29.0828 4672 VgaSave - ok
17:06:29.0843 4672 ViaIde - ok
17:06:29.0859 4672 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:06:29.0921 4672 VolSnap - ok
17:06:29.0937 4672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:06:30.0015 4672 Wanarp - ok
17:06:30.0046 4672 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:06:30.0093 4672 Wdf01000 - ok
17:06:30.0093 4672 WDICA - ok
17:06:30.0109 4672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:06:30.0203 4672 wdmaud - ok
17:06:30.0234 4672 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
17:06:30.0250 4672 WmBEnum - ok
17:06:30.0265 4672 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
17:06:30.0296 4672 WmFilter - ok
17:06:30.0312 4672 WmHidLo (1f596392149cac51f7c095af7d533934) C:\WINDOWS\system32\drivers\WmHidLo.sys
17:06:30.0328 4672 WmHidLo - ok
17:06:30.0359 4672 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
17:06:30.0390 4672 WmVirHid - ok
17:06:30.0390 4672 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
17:06:30.0421 4672 WmXlCore - ok
17:06:30.0484 4672 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:06:30.0531 4672 WpdUsb - ok
17:06:30.0546 4672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:06:30.0562 4672 WudfPf - ok
17:06:30.0578 4672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:06:30.0609 4672 WudfRd - ok
17:06:30.0609 4672 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:06:30.0796 4672 \Device\Harddisk0\DR0 - ok
17:06:30.0796 4672 MBR (0x1B8) (205060f860aa1ec25b607a1b5b40a40c) \Device\Harddisk1\DR1
17:06:30.0843 4672 \Device\Harddisk1\DR1 - ok
17:06:30.0859 4672 Boot (0x1200) (2c4b9b7bdcb9cf8ea7f230de5e8b5e6b) \Device\Harddisk0\DR0\Partition0
17:06:30.0859 4672 \Device\Harddisk0\DR0\Partition0 - ok
17:06:30.0875 4672 Boot (0x1200) (1b8c11e07ebac4ca3aa220e2b8ad2e34) \Device\Harddisk0\DR0\Partition1
17:06:30.0875 4672 \Device\Harddisk0\DR0\Partition1 - ok
17:06:30.0875 4672 Boot (0x1200) (03366f66e51380f9332195bff8da5808) \Device\Harddisk1\DR1\Partition0
17:06:30.0890 4672 \Device\Harddisk1\DR1\Partition0 - ok
17:06:30.0890 4672 ============================================================
17:06:30.0890 4672 Scan finished
17:06:30.0890 4672 ============================================================
17:06:31.0000 5792 Detected object count: 13
17:06:31.0000 5792 Actual detected object count: 13
17:07:22.0812 5792 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:07:22.0812 5792 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:22.0812 5792 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

danke

malwarebytes:
Downloade Dir bitte Malwarebytes

• Installiere
  das Programm in den vorgegebenen Pfad.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche
  nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet
  ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste
  das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

So der Feiertagsstress ist vorbei. Die Famile liegt noch krank danieder,
da kann ich mich endlich wieder um meinen Rechner kümmern.

Hier die Logdatei:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122308

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.12.2011 22:40:12
mbam-log-2011-12-23 (22-40-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 536753
Laufzeit: 2 Stunde(n), 30 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\Andreas\eigene dateien\downloads\u1005.exe (Trojan.Agent) -> Quarantined and deleted successfully.

ok,
lade den CCleaner standard:
CCleaner Download - CCleaner 3.14.1616
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Hallo hier das File

2007 Microsoft Office system Microsoft Corporation 29.12.2011 12.0.6425.1000 notwendig
7-Zip 9.20 29.12.2011 notwendig
ACDSee Pro 2.5 ACD Systems International 19.11.2010 90,8MB 2.5.333 notwendig
Adobe AIR Adobe Systems Inc. 15.02.2011 2.5.1.17730 unbekannt
Adobe Color Common Settings Adobe Systems Incorporated 23.11.2010 1.0.1 unbekannt
Adobe Digital Editions 29.12.2011 unbekannt
Adobe ExtendScript Toolkit 2 Adobe Systems Incorporated 23.11.2010 2.0.2 unbekannt
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 29.12.2011 10.1.102.64 unnötig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 29.12.2011 11.0.1.152 notwendig
Adobe Photoshop CS3 Adobe Systems Incorporated 23.11.2010 10.0 notwendig
Adobe Reader X (10.1.1) - Deutsch Adobe Systems Incorporated 24.12.2011 179,3MB 10.01.2001 notwendig
Apple Application Support Apple Inc. 16.12.2011 62,8MB 02.01.2006 unbekannt
Apple Mobile Device Support Apple Inc. 25.11.2011 24,1MB 4.0.0.97 unbekannt
Apple Software Update Apple Inc. 04.07.2011 2,25MB 2.1.3.127 unbekannt
Avira Free Antivirus Avira 29.12.2011 12.0.0.872 notwendig
Bonjour Apple Inc. 11.11.2011 1,03MB 3.0.0.10 notwendig
Bonjour-Druckdienste Apple Inc. 09.01.2011 2,70MB 2.0.0.36 unnötig
Canon i850 29.12.2011 notwendig
CCleaner Piriform 29.12.2011 Mrz 14 notwendig
CDBurnerXP CDBurnerXP 23.12.2011 4.4.0.2838 notwendig
Colin McRae Rally 2005 29.12.2011 1.00.000 notwendig
ConvertHelper 2.2 DownloadHelper 25.11.2010 notwendig
Creative Software AutoUpdate Creative Technology Limited 29.12.2011 Jan 40 unnötig
Creative-Audiokonsole 29.12.2011 unnötig
Creative-Audiokonsole Creative Technology Limited 29.12.2011 Jan 33 unnötig
CrypTool 2.0 (beta) Deutsche Bank / Contributors 25.01.2011 29,3MB 2.0.3631 notwendig
CwGet V2.25 31.05.2011 notwendig
DesignPro 5 Avery Dennison 26.02.2011 5.3.705 notwendig
devolo dLAN Cockpit devolo AG 29.12.2011 1.0 notwendig
DivxToDVD 0.5.2b VSO-Software SARL 23.12.2011 0.5.2b notwendig
Download Center Software.com 29.12.2011 2, 0, 0, 450 unbekannt
Easytrans 29.12.2011 unnötig
ENIGMA 29.12.2011 notwendig
Final Media Player 2010 Bitberry Software 18.01.2011 unnötig
FLV Player 2.0 (build 25) Martijn de Visser 29.12.2011 2.0 (build 25) notwendig
Foxit Reader Foxit Corporation 29.12.2011 4.3.0.1110 unnötig
Foxit Toolbar Ask.com 19.11.2010 2,57MB 1.9.1.0 unnötig
Garmin MapSource Garmin Ltd or its subsidiaries 13.06.2011 43,6MB 6.15.11 notwendig
Garmin TOPO Nederland Garmin Fan, Inc. 23.12.2011 notwendig
Garmin Trip and Waypoint Manager v4 Garmin Ltd or its subsidiaries 23.03.2011 19,9MB 4.0.0.0 notwendig
Garmin Trip and Waypoint Manager v5 Garmin Ltd or its subsidiaries 19.11.2010 56,3MB 5.0.0.0 notwendig
Garmin USB Drivers Garmin Ltd or its subsidiaries 19.11.2010 0,12MB 2.3.0.0 notwendig
GeoSetter 3.4.16 Friedemann Schmidt 26.05.2011 notwendig
GIMP 2.6.11 The GIMP Team 05.12.2010 02.06.2011 notwendig
Google Earth Google 15.11.2011 92,8MB 6.1.0.5001 notwendig
GPSBabel 1.4.2 GPSBabel 18.04.2011 notwendig
GSAK 8.0.1.39 (patch) CWE computer services 25.12.2011 notwendig
HELI-X 3.0 Demo Michael Schreiner 19.12.2010 notwendig
Inkscape 0.48.0 29.12.2011 0.48.0 notwendig
IrfanView (remove only) Irfan Skiljan 29.12.2011 Apr 28 notwendig
iTunes Apple Inc. 16.12.2011 169,6MB 10.5.2.11 notwendig
Java(TM) 6 Update 24 Oracle 19.11.2010 91,0MB 6.0.240 notwendig
JDownloader AppWork UG (haftungsbeschränkt) 29.12.2011 unbekannt
Logitech Gaming Software 5.10 Logitech 13.09.2011 14,3MB 5.10.127 notwendig
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 23.12.2011 1.51.2.1300 notwendig
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 25.11.2010 6,18MB 2.1.21022 unbekannt
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 12.10.2011 535MB 2.2.30729 unbekannt
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU Microsoft Corporation 25.11.2010 16,8MB 3.1.21022 unbekannt
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 28.11.2010 283MB 3.2.30729 unbekannt
Microsoft .NET Framework 3.5 Language Pack - DEU Microsoft Corporation 23.12.2011 unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 28.11.2010 unbekannt
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 28.11.2010 1 unbekannt
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 Microsoft Corporation 12.01.2011 unbekannt
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 11,2MB 14.0.5130.5003 unbekannt
Microsoft Office FrontPage 2003 Microsoft Corporation 15.09.2011 360MB 11.0.8173.0 notwendig
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 28.11.2010 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.09.2011 5,28MB 8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 12.09.2011 9,65MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.11.2010 10,2MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 10,2MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.10.2011 15,0MB 10.0.40219 unbekannt
MIDI4all Webdesign-Forum.de 18.03.2011 MIDI4all 1.5 unbekannt
MobileMe Control Panel Apple Inc. 11.11.2011 12,9MB 3.1.8.0 unbekannt
Mopsos 1.0.112 26.11.2010 Bornhaupt 06.01.2011 notwendig
Mozilla Firefox 4.0b9 (x86 de) Mozilla 29.12.2011 4.0b9 unnötig
Mozilla Firefox 8.0 (x86 de) Mozilla 29.12.2011 8.0 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 23.05.2011 1,42MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.05.2011 2,86MB 4.20.9876.0 unbekannt
MyTomTom 3.1.0.530 TomTom 29.12.2011 3.1.0.530 notwendig
NetDrive MacroData Inc. 29.12.2011 1.2.0.4 notwendig
Notepad++ 29.12.2011 05.08.2006 notwendig
NVIDIA Display Control Panel NVIDIA Corporation 29.12.2011 6.14.12.5896 unbekannt
NVIDIA Drivers NVIDIA Corporation 29.12.2011 1.10.62.40 unbekannt
NVIDIA nView Desktop Manager NVIDIA Corporation 29.12.2011 6.14.10.13527 unbekannt
PDFCreator Frank Heindörfer, Philip Chinery 24.07.2011 01.02.2001 notwendig
PMB Sony Corporation 26.05.2011 306MB 5.6.01.03300 notwendig
PSPad editor Jan Fiala 29.09.2011 notwendig
QuickTime Apple Inc. 11.11.2011 73,3MB 7.71.80.42 notwendig
Radio.fx Tobit.Software 29.12.2011 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.11.2010 5.10.0.5859 unbekannt
Safari Apple Inc. 11.11.2011 43,2MB 5.34.51.22 unnötig
Schlagerhöllen-Player Version 3.02.0 16.03.2011 unnötig
Security Update for Windows Search 4 - KB963093 Microsoft Corporation 19.11.2010 unbekannt
SpaceChem Zachtronics Industries 12.03.2011 1006 notwendig
Spoiler Sync aRRKS 25.10.2011 notwendig
Spyder3Pro 29.12.2011 notwendig
Stellarium 0.10.6.1 30.09.2011 notwendig
TB-Logger Seelenreiter 25.11.2010 0,13MB 1.0.0 notwendig
TeamViewer 6 TeamViewer GmbH 29.12.2011 6.0.9895 notwendig
Topo Deutschland v2 Garmin Deutschland GmbH 23.03.2011 1.587MB 2.00 notwendig
TuneUp Utilities TuneUp Software 24.02.2011 9.0.5110.1 notwendig
Tux Paint 0.9.21 New Breed Software 28.11.2010 notwendig
Tux Paint Stamps 2009-06-28 New Breed Software 28.11.2010 notwendig
Urwigo Urwigo 1.12.0.130 notwendig
Veetle TV 0.9.18 Veetle, Inc 23.12.2011 0.9.18 unbekannt
Visual Studio C++ 10.0 Runtime TomTom International B.V. 24.12.2011 8,00KB 10.0.0 unbekannt
VLC media player 1.1.11 VideoLAN 29.12.2011 01.01.2011 notwendig
Vuze Vuze Inc. 23.12.2011 04. Jun unnötig
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 29.12.2011 06/03/2009 2.3.0.0 notwendig
Windows Internet Explorer 8 Microsoft Corporation 18.11.2010 20.090.308.140.743 notwendig
Windows Media Format 11 runtime 29.12.2011 unbekannt
Windows Media Player 11 29.12.2011 notwendig
Windows Search 4.0 Microsoft Corporation 19.11.2010 04.00.6001.503 unbekannt
XMind XMind Ltd. 29.12.2011 03.02.2001 notwendig

deinstaliere:
Adobe alle mit unbekannt und unnötig gekennzeichneten.
Adobe Flash Player beide
Adobe - Andere Version des Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok


deinstaliere
Bonjour-Druckdienste
Creative alle
Download Center
Easytrans
Final Media
Foxit beide
Java
Download der kostenlosen Java-Software
downloade java jre instaliere es

deinstalire
JDownloader
Mozilla Firefox 4.0b9
Schlagerhöllen
TuneUp verzichte auf solchen unsinn, tunen kann es eh kaum, im und dafür aber viel versauen.
im besten fall wird das system nur langsamer, im schlimmsten nicht mehr bootbar.
Veetle TV
Vuze
Windows Search

ccleaner öffnen, analysieren, bereinigen

Hallo,
Danke schön alles ausgeführt.