Ukash Bundespolizeivirus paysafecard (auf Windows XP)

Regression · 14.03.2012, 23:48

Guten Abend!
Wie zahlreiche Leute vor mir hat auch mich soeben der 100€ Ukash Virus erwischt. Und wie auch der Kollegen von vor einigen Minuten bin auch ich auf iLoad geraten und-zack! hier bin ich nun

Ich hoffe sehr, hier finden sich an paar erfahrene Ukash-Killer, die mir weiterhelfen können

Danke schonmal im Voraus und hier Extras&OTL.Txt als Codes und Anhang - weiß nicht, wie ihr das lieber habt.

Liebe Grüße,
Regression

Extras.Txt:

Code:

ATTFilter

OTL Extras logfile created on: 14.03.2012 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,73 Mb Total Physical Memory | 748,75 Mb Available Physical Memory | 73,21% Memory free
2,40 Gb Paging File | 2,31 Gb Available in Paging File | 96,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,90 Gb Total Space | 16,36 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 4,07 Gb Free Space | 4,63% Space Free | Partition Type: NTFS
Drive E: | 57,09 Gb Total Space | 48,85 Gb Free Space | 85,58% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 89,41 Gb Free Space | 59,99% Space Free | Partition Type: NTFS
 
Computer Name: DACHGESCHOSS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "D:\Programme\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe" = C:\Programme\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Bianca\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Bianca\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"D:\Programme\jAlbum\jAlbum.exe" = D:\Programme\jAlbum\jAlbum.exe:*:Enabled:jAlbum
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"F:\Network\EpsonNetSetup\ENEasyApp.exe" = F:\Network\EpsonNetSetup\ENEasyApp.exe:*:Enabled:EpsonNet Setup
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05709317-05C6-BED8-3DE2-AB2D8EEAA485}" = twhirl
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{3A4FB885-E21E-48E9-9AFF-FF37D1ECB45F}" = Multimedia office keyboard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B0E58BD-1F06-4A17-80FB-7C93C5FD039B}" = Lyrics Plugin for iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6091F327-2B13-4193-A6F1-4B2271613A74}_is1" = Feed Notifier 2.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6E6F96BF-82BD-4EA7-96C9-CEF827A3B161}" = Collage Maker
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A556A5AD-2A0D-48ED-A8E8-EA524CA0D366}_is1" = LyricsFetcher v0.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 10.0.650.0
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"C-Media Audio" = C-Media 3D Audio
"conduitEngine" = Conduit Engine 
"Corel Applications" = Corel(R) Applications
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX310FN_TX510FN Benutzerhandbuch" = Epson Stylus Office BX310FN_TX510FN Handbuch
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"ewidoantispyware4" = ewido anti-spyware 4.0
"facemoods" = Facemoods Toolbar
"foobar2000" = foobar2000 v1.0.3
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Studio_is1" = Free Studio version 5.1.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GSview 4.9" = GSview 4.9
"ie8" = Windows Internet Explorer 8
"Indeo® Software" = Indeo® Software
"InstallShield_{2B7E302B-9360-4A45-9A21-472D26A1EC47}" = DHP-302
"IrfanView" = IrfanView (remove only)
"iScrobbler" = iScrobbler
"LastFM_is1" = Last.fm 1.5.4.27091
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MP3 Remix for Winamp" = MP3 Remix for Winamp
"MP3 WAV Converter 2.65" = MP3 WAV Converter 2.65
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neopets" = Neopets 
"NVIDIA Display Driver" = NVIDIA Display Driver
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PosteRazor_is1" = PosteRazor
"Q10" = Q10 Editor
"Screenshot Utility_is1" = Screenshot Utility version 1.0
"Simfy" = simfy
"Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.5
"ST6UNST #1" = iPodLibrary v1.2b
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TagScanner_is1" = TagScanner 5.1.597
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VisiPics_is1" = VisiPics V1.30
"VLC media player" = VLC media player 1.1.8
"Wallpaper Changer_is1" = Wallpaper Changer (Remove only)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.02.2012 05:22:37 | Computer Name = DACHGESCHOSS | Source = .NET Runtime | ID = 1026
Description = Application: SciLors GrooveDownloader.vshost.exe Framework Version:
 v4.0.30319 Description: The process was terminated due to an unhandled exception.
Exception
 Info: System.IO.FileNotFoundException Stack:    at Microsoft.VisualStudio.HostingProcess.EntryPoint.Main()

 
Error - 22.02.2012 12:58:57 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung finepixviewer.exe, Version 5.5.3.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 22.02.2012 13:02:33 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung finepixviewer.exe, Version 5.5.3.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 26.02.2012 16:55:46 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.1.33, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 28.02.2012 06:22:23 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul npswf32.dll, Version 11.0.1.152, Fehleradresse 0x001ac714.
 
Error - 01.03.2012 04:14:29 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung FinePixViewer.exe, Version 5.5.3.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 01.03.2012 12:09:24 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung gimp-2.6.exe, Version 0.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.03.2012 04:32:04 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.1.3133, fehlgeschlagenes
 Modul dsp_pacemaker.dll, Version 1.3.2.0, Fehleradresse 0x00006f53.
 
Error - 08.03.2012 15:44:06 | Computer Name = DACHGESCHOSS | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul npswf32.dll, Version 11.0.1.152, Fehleradresse 0x001ac714.
 
Error - 10.03.2012 04:07:35 | Computer Name = DACHGESCHOSS | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iTunes.exe, Version 10.6.0.40, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Machine
 Debug Manager.
 
Error - 14.03.2012 17:31:46 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 14.03.2012 17:36:03 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 14.03.2012 17:36:03 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 14.03.2012 18:02:17 | Computer Name = DACHGESCHOSS | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ewido anti-spyware 4.0 driver  Fips  intelppm
 
Error - 14.03.2012 18:02:34 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 14.03.2012 18:19:13 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 14.03.2012 18:20:20 | Computer Name = DACHGESCHOSS | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >

Und OTL.Txt:

Code:

ATTFilter

OTL logfile created on: 14.03.2012 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,73 Mb Total Physical Memory | 748,75 Mb Available Physical Memory | 73,21% Memory free
2,40 Gb Paging File | 2,31 Gb Available in Paging File | 96,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,90 Gb Total Space | 16,36 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
Drive D: | 87,90 Gb Total Space | 4,07 Gb Free Space | 4,63% Space Free | Partition Type: NTFS
Drive E: | 57,09 Gb Total Space | 48,85 Gb Free Space | 85,58% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 89,41 Gb Free Space | 59,99% Space Free | Partition Type: NTFS
 
Computer Name: DACHGESCHOSS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.14 23:20:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe
PRC - [2011.06.15 20:56:45 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.15 20:56:44 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.15 20:56:53 | 000,271,856 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\RPAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.06.15 20:56:44 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.01.13 02:00:00 | 000,156,160 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2011.01.13 02:00:00 | 000,125,440 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006.06.16 15:38:44 | 000,172,032 | ---- | M] (Anti-Malware Development a.s.) [Auto | Stopped] -- C:\Programme\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2010.06.09 20:56:48 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.06.16 15:38:54 | 000,003,968 | ---- | M] () [Kernel | System | Stopped] -- C:\Programme\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver)
DRV - [2004.08.03 23:38:56 | 000,327,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.03.08 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.03.08 20:44:19 | 000,000,000 | ---D | M]
 
[2012.02.12 15:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.14 09:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.26 11:52:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.13 10:58:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010.03.16 10:55:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 10:55:22 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.07 16:54:59 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.03.16 10:55:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 10:55:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 10:55:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.18 20:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FUFAXSTM] C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wallpaper]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ExifLauncher2.lnk = D:\Programme\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Mozilla Thunderbird (2).lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Multimedia office keyboard.lnk = C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271189193484 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D613512D-69CA-4093-BFAD-DEB17341F5EE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\WowCtl2.dll (EzTools Software)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.03 19:58:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: SSHNAS -  File not found
 
MsConfig - StartUpReg: Firefox - hkey= - key= - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.14 23:20:22 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe
[2012.03.14 23:19:05 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Eigene Dateien
[2012.03.14 23:12:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Adobe
[2012.03.14 23:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen\Anwendungsdaten\Chromium
[2012.03.14 23:02:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\IETldCache
[2012.03.14 23:02:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012.03.14 23:02:11 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Microsoft
[2012.03.14 23:02:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\SendTo
[2012.03.14 23:02:11 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten
[2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Zubehör
[2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü
[2012.03.14 23:02:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Autostart
[2012.03.14 23:02:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Cookies
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Vorlagen
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Recent
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Netzwerkumgebung
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Lokale Einstellungen
[2012.03.14 23:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Druckumgebung
[2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Anwendungsdaten\Macromedia
[2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Favoriten
[2012.03.14 23:02:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop
[2012.03.08 21:18:19 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.03.08 20:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.14 23:20:15 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Desktop\OTL.exe
[2012.03.14 23:02:33 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.03.14 23:01:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.14 21:05:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2012.03.11 12:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Datenträgerbereinigung.job
[2012.03.09 12:30:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.08 21:19:05 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.03.08 20:21:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.14 23:02:12 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\Startmenü\Programme\Remoteunterstützung.lnk
[2012.03.08 21:19:05 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.09.15 21:44:01 | 000,470,309 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1957994488-1417001333-839522115-1003-0.dat
[2011.09.04 23:14:21 | 000,378,634 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.04.07 14:55:32 | 020,586,196 | ---- | C] () -- C:\Programme\vlc-1.1.8-win32.exe
[2011.03.04 11:55:17 | 000,103,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.03.02 16:18:21 | 000,000,197 | ---- | C] () -- C:\WINDOWS\Assimil_d_fi.INI
[2011.03.02 16:18:08 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.12.28 16:06:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2TXT.DAT
[2010.10.13 22:34:55 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.09.26 16:28:12 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010.09.26 16:28:12 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010.08.10 22:55:12 | 000,240,768 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.29 16:47:25 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.06.27 13:06:59 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2010.06.14 17:51:24 | 000,001,528 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.18 21:08:33 | 001,133,418 | ---- | C] () -- C:\Programme\abcaudio_setup.exe
[2010.04.22 22:25:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010.04.22 07:45:17 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.21 19:20:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.04.21 19:20:26 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.04.21 19:20:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.04.21 19:20:26 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.04.21 19:20:25 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.04.21 19:20:25 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.04.21 19:20:25 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.04.21 19:20:25 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.04.21 19:20:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.04.21 19:20:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.04.21 19:20:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.04.21 19:20:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.04.21 19:20:23 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.04.21 19:20:23 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.04.21 19:20:23 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.04.21 19:20:23 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.04.21 19:20:22 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.04.21 19:20:22 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.04.21 19:20:22 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.04.13 20:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010.04.13 20:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010.04.13 20:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
 
========== LOP Check ==========
 
[2010.04.13 20:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2010.06.11 22:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2012.01.04 20:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.12.26 00:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2010.10.06 17:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.09.25 22:34:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3 Remix
[2010.07.05 21:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PferdeHof
[2010.03.11 11:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\The Journal
[2010.04.21 20:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011.03.21 14:20:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.11.28 20:26:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.11 20:53:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.12.26 14:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.03.14 23:02:33 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012.03.11 12:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\Datenträgerbereinigung.job
[2012.03.14 21:05:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.03.08 21:19:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.03.14 23:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.06.12 11:15:22 | 000,000,000 | ---D | M] -- C:\Eigene Dateien
[2010.03.05 17:14:41 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.08.31 09:28:27 | 000,000,000 | ---D | M] -- C:\My Music
[2011.03.10 20:46:33 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.03.08 21:18:19 | 000,000,000 | ---D | M] -- C:\Programme
[2010.06.12 12:46:43 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.05.15 07:14:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.11 08:14:56 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2004.07.31 15:17:04 | 001,133,418 | ---- | M] () -- C:\Programme\abcaudio_setup.exe
[2011.04.07 14:56:03 | 020,586,196 | ---- | M] () -- C:\Programme\vlc-1.1.8-win32.exe
[2008.08.09 18:08:22 | 000,177,152 | ---- | M] () -- C:\Programme\WaveGain.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010.05.20 19:34:24 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2004.03.29 06:45:36 | 000,073,600 | R--- | M] (VIA Technologies inc,.ltd) MD5=65864ABA65EEE06EA586009301834E43 -- C:\WINDOWS\system32\drivers\viamraid.sys
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.18 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.18 20:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.03.03 20:43:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.03.03 20:43:31 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.03.03 20:43:31 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[11 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.03.14 23:19:21 | 000,786,432 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\NTUSER.DAT
[2012.03.14 23:20:22 | 000,397,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\NTUSER.DAT.LOG
[2012.03.14 23:02:13 | 000,000,020 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator.DACHGESCHOSS.001\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.12.31 15:03:39 | 001,855,104 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

Chris4You · 15.03.2012, 08:50

Hi,

ist das OTL-Log vom verseuchten Konto?

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

Regression · 15.03.2012, 09:49

Erstmal Vielen Dank für deine schnelle und kompetente Hilfe

Ja, den OTL-Log habe ich über den abgesicherten Modus (den mit dem Netzwerk) von dem betroffenem Konto (das gleichzeitig Adminstrator ist) gemacht. Sonst gibt es nur noch ein weiteres Konto, was ich vor Jahren mal erstellt habe und seitdem nie wieder genutzt hab.

Ich habe also deine erste Anweisung ausgeführt: Nachdem ich auf Run Fixes geklickt habe und es eine Zeit dauerte, hab ich mich vom PC entfernt. Als ich dann zurück kam sah ich die Meldung, dass OTL einen Neustart bräuchte, dem ich dann zugestimmt habe. Der Computer ist dann im Normalmodus ordentlich hochgefahren und nachdem ich meine Genehmigung für OTL mit 'Ausführen' gegeben habe, öffnete sich folgende txt Datei betitelt mit "03152012_0856212 .

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\ deleted successfully.
C:\Programme\Internet Explorer\iexplore.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe\ deleted successfully.
File C:\Programme\Internet Explorer\iexplore.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 413019 bytes
 
User: Administrator.DACHGESCHOSS
->Temporary Internet Files folder emptied: 32768 bytes
 
User: Administrator.DACHGESCHOSS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 276283 bytes
 
User: Administrator.DACHGESCHOSS.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57912 bytes
 
User: All Users
 
User: Bianca
->Temp folder emptied: 3215058772 bytes
->Temporary Internet Files folder emptied: 1542288127 bytes
->Java cache emptied: 53642820 bytes
->FireFox cache emptied: 315258845 bytes
->Flash cache emptied: 292974 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Gast
 
User: Hilfeassistent
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154200457 bytes
 
User: SUPPORT_388945a0
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1335785 bytes
%systemroot%\System32 .tmp files removed: 5558695 bytes
%systemroot%\System32\dllcache .tmp files removed: 1180672 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53139073 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.095,00 mb
 
 
OTL by OldTimer - Version 3.2.37.0 log created on 03152012_085621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

(Als Anhang kann ich die Datei hier komischerweise nicht anhängen, ich hoffe das geht auch so?)

Ist das nun das gleiche wie das Ergebnisfenster, von dem du gesprochen hast? Wenn nicht, müsstest du mir vielleicht erklären, wie ich jetzt noch da rankommen kann, da sich bei mir sonst nichts geöffnet hat :/

Und Malwarebytes ist gerade fleißig am arbeiten - sobald er fertig ist, werde ich die Ergebnisse hier nachtragen.

lg

Chris4You · 15.03.2012, 10:16

Hi,

ist das richtige log...

chris

Regression · 15.03.2012, 16:46

Hier wie versprochen der Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bianca :: DACHGESCHOSS [administrator]

Protection: Enabled

15.03.2012 09:34:19
mbam-log-2012-03-15 (16-37-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375867
Time elapsed: 2 hour(s), 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKCU\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.
HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.RansomP.Gen) -> Data: C:\DOKUME~1\Bianca\LOKALE~1\Temp\mor.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Dokumente und Einstellungen\file.exe (Heuristics.Shuriken) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\SoftonicDownloader_for_collage-maker.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\lyricsfetcher.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken.
G:\Sicherung\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken.
G:\Sicherung\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken.
G:\Sicherung\Downloads\SoftonicDownloader_for_collage-maker.exe (PUP.BundleOffer.Downloader.S) -> No action taken.
G:\Sicherung 15.5.2011\Downloads\BflixInstaller.exe (Affiliate.Downloader) -> No action taken.
G:\Sicherung 15.5.2011\Downloads\refog_setup_free_kl_615.exe (Spyware.KGBSpy) -> No action taken.

(end)

War denn mein Virus schon dabei oder wird das noch eine längere Geschichte?

Chris4You · 15.03.2012, 20:32

Hi,

ooch, da waren noch ein paar andere dabei...

Alles gefundene von MAM löschen lassen!

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

chris

Regression · 15.03.2012, 21:25

Gmer:
Zunächst habe ich versucht im Normalmodus zu scannen. Hat nicht geklappt, ich habe sofort blauen Bildschirm gehabt, der mir sagte, dass er zum Schutz des Pcs runterfährt oder sowas. Beim 2. Versuch das gleiche.

Dann hab ich es im abgesichterten Modus versucht. Hier schien der Scan auch zu starten und in der Liste links erschienen einige Einträge jedoch ging es dann plötzlich nicht mehr weiter. Die gerade gescannte Datei unten veränderte sich nicht mehr und egal wohin ich auf dem Bildschirm klickte, passierte nichts außer einem Windows-Pling-Ton und mir bliebt nichts anderes übrig, als abzuschalten

Soll ich vielleicht nochmal scannen und die bis zum Festhängen aufgelisteten Dateien aufschreiben? Weiß ja nicht, ob das was hilft, ansonsten hast du ja vielleicht einen Rat, wie es doch noch klappt.

MBR-Check

Alles geklappt, hier der Log:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000007d

Kernel Drivers (total 121):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x806EF000 \WINDOWS\system32\hal.dll
  0xF7D63000 \WINDOWS\system32\KDCOM.DLL
  0xF7C73000 \WINDOWS\system32\BOOTVID.dll
  0xF7813000 ACPI.sys
  0xF7D65000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF7802000 pci.sys
  0xF7863000 isapnp.sys
  0xF7873000 ohci1394.sys
  0xF7883000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
  0xF7E2B000 pciide.sys
  0xF7AE3000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF7D67000 viaide.sys
  0xF7893000 MountMgr.sys
  0xF77E3000 ftdisk.sys
  0xF7D69000 dmload.sys
  0xF77BD000 dmio.sys
  0xF7AEB000 PartMgr.sys
  0xF78A3000 VolSnap.sys
  0xF77A5000 atapi.sys
  0xF7793000 viamraid.sys
  0xF777B000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
  0xF78B3000 disk.sys
  0xF78C3000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF775B000 fltmgr.sys
  0xF7749000 sr.sys
  0xF78D3000 Lbd.sys
  0xF78E3000 PxHelp20.sys
  0xF7732000 KSecDD.sys
  0xF76A5000 Ntfs.sys
  0xF7678000 NDIS.sys
  0xF7AF3000 viaagp1.sys
  0xF765E000 Mup.sys
  0xF6A86000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xF5E92000 \SystemRoot\system32\DRIVERS\ati2mtaa.sys
  0xF5E7E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7C2B000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xF5E5A000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF7C33000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF6A76000 \SystemRoot\System32\DRIVERS\nic1394.sys
  0xF6A66000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xF6A26000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xF5E37000 \SystemRoot\System32\DRIVERS\ks.sys
  0xF7C3B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF7C43000 \SystemRoot\System32\DRIVERS\fdc.sys
  0xF5E23000 \SystemRoot\System32\DRIVERS\parport.sys
  0xF7CFB000 \SystemRoot\System32\DRIVERS\gameenum.sys
  0xF6A56000 \SystemRoot\System32\DRIVERS\i8042prt.sys
  0xF7C4B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF6A46000 \SystemRoot\System32\DRIVERS\serial.sys
  0xF7CFF000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xF5D5C000 \SystemRoot\system32\drivers\cmuda.sys
  0xF5D38000 \SystemRoot\system32\drivers\portcls.sys
  0xF6A36000 \SystemRoot\system32\drivers\drmk.sys
  0xF6A16000 \SystemRoot\System32\DRIVERS\fetnd5b.sys
  0xF7F4D000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xF6A06000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xF7D03000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xF5D21000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xF7A43000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xF7A53000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF7C53000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xF5D10000 \SystemRoot\System32\DRIVERS\psched.sys
  0xF7A63000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF7C5B000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF7C63000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xF5CE0000 \SystemRoot\System32\DRIVERS\rdpdr.sys
  0xF7A73000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF7C6B000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF7DA9000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xF5C17000 \SystemRoot\System32\DRIVERS\update.sys
  0xF6420000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xF7A93000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF5F12000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF7DAF000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xF7BD3000 \SystemRoot\System32\DRIVERS\flpydisk.sys
  0xF7DED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7F3D000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7DEF000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7C13000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7C0B000 \SystemRoot\System32\drivers\vga.sys
  0xF7DF1000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7DF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7BAB000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF7BB3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7616000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xF04A0000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xF0447000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xF041F000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xF03FD000 \SystemRoot\System32\drivers\afd.sys
  0xF79F3000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xF03D2000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xF033A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xF247F000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF0314000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xF246F000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xF245F000 \SystemRoot\System32\DRIVERS\arp1394.sys
  0xF7F6E000 \??\C:\Programme\ewido anti-spyware 4.0\guard.sys
  0xF7D17000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF243F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF15FA000 \SystemRoot\System32\DRIVERS\mouhid.sys
  0xB3493000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB3765000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0xB25BA000 \SystemRoot\System32\Drivers\dump_viamraid.sys
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB363E000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB3585000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7E37000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\ati2dvaa.dll
  0xBF06F000 \SystemRoot\System32\ATMFD.DLL
  0xF7626000 \??\C:\WINDOWS\system32\drivers\mbam.sys
  0xEE264000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xB2555000 \SystemRoot\system32\drivers\wdmaud.sys
  0xED8E0000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB22F8000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xF7D9F000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB2160000 \SystemRoot\System32\DRIVERS\srv.sys
  0xB1C47000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB1E70000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 55):
       0 System Idle Process
       4 System
     664 C:\WINDOWS\system32\smss.exe
     724 csrss.exe
     748 C:\WINDOWS\system32\winlogon.exe
     792 C:\WINDOWS\system32\services.exe
     804 C:\WINDOWS\system32\lsass.exe
     960 C:\WINDOWS\system32\svchost.exe
    1080 svchost.exe
    1176 C:\WINDOWS\system32\svchost.exe
    1236 svchost.exe
    1364 svchost.exe
    1576 C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
    1648 C:\WINDOWS\explorer.exe
    1728 C:\WINDOWS\system32\spoolsv.exe
    1968 C:\WINDOWS\system32\rundll32.exe
    1980 C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
    1988 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    1996 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2004 C:\Programme\DivX\DivX Update\DivXUpdate.exe
    2012 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
     180 C:\Programme\iTunes\iTunesHelper.exe
     196 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
     216 C:\WINDOWS\system32\ctfmon.exe
     288 D:\Programme\QuickDCF2.exe
     296 C:\Programme\Mozilla Thunderbird\thunderbird.exe
     308 C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe
     324 D:\Programme\Feed Notifier\notifier.exe
    1012 svchost.exe
    1132 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1204 C:\Programme\Bonjour\mDNSResponder.exe
    1476 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    1544 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    1768 C:\Programme\ewido anti-spyware 4.0\guard.exe
    1592 C:\Programme\Java\jre6\bin\jqs.exe
     652 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
    1252 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
     500 C:\WINDOWS\system32\svchost.exe
    2296 C:\WINDOWS\system32\wuauclt.exe
    2512 C:\Programme\iPod\bin\iPodService.exe
    2548 unsecapp.exe
    3112 wmiprvse.exe
    3156 C:\WINDOWS\system32\wscntfy.exe
    3392 alg.exe
    3576 D:\Programme\SRWare Iron\iron.exe
    2992 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    1860 D:\Programme\SRWare Iron\iron.exe
    3408 D:\Programme\SRWare Iron\iron.exe
    3492 D:\Programme\SRWare Iron\iron.exe
    3508 D:\Programme\SRWare Iron\iron.exe
    3512 D:\Programme\SRWare Iron\iron.exe
    3708 C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
    3028 D:\Programme\SRWare Iron\iron.exe
    2388 D:\Programme\SRWare Iron\iron.exe
    4072 C:\Dokumente und Einstellungen\Bianca\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`f94d2200  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002b`f299c600  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3250318AS, Rev: CC38
PhysicalDrive1 Model Number: ST3160021AS, Rev: 3.05

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    149 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

Chris4You · 15.03.2012, 21:44

Hi,

dann schauen wir mal per OSAM bzw. TDSS-Killer nach:

OSAM
OSAM
Prüft Programme/Treiber die gestartet werden online.
Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread.

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Regression · 15.03.2012, 22:08

Na das hat jetzt aber Beides auf Anhieb geklappt!
OSAM:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:57:47 on 15.03.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: SRWare SRWare Iron 10.0.650.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Epson Printer Software Downloader.job" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPAPDL\E_SAPDL2.EXE
"Ad-Aware Update (Weekly).job" - "Lavasoft                                                              " - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ewido anti-spyware 4.0 driver" (ewido anti-spyware 4.0 driver) - ? - C:\Programme\ewido anti-spyware 4.0\guard.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NTSIM" (NTSIM) - "VIA Networking Technologies, Inc.       " - C:\WINDOWS\System32\ntsim.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} "EzTools Wow2 Memory Map Asyncronous Pluggable Protocol Class" - "EzTools Software" - C:\WINDOWS\system32\WowCtl2.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "CShellExecuteHookImpl Object" - "Anti-Malware Development a.s." - C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Winamp Toolbar" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\xmldso.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} "facemoods Toolbar" - "facemoods.com" - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{64182481-4F71-486b-A045-B233BD0DA8FC} "CescrtHlpr Object" - "facemoods.com BHO" - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Programme\Winamp Toolbar\winamptb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"ExifLauncher2.lnk" - "FUJIFILM Corporation" - D:\Programme\QuickDCF2.exe  (Shortcut exists | File exists)
"Mozilla Thunderbird (2).lnk" - "Mozilla Messaging" - C:\Programme\Mozilla Thunderbird\thunderbird.exe  (Shortcut exists | File exists)
"Multimedia office keyboard.lnk" - ? - C:\Programme\Multimedia office keyboard\driver\OEMDriver.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Bianca\Startmenü\Programme\Autostart\desktop.ini
"Feed Notifier.lnk" - ? - D:\Programme\Feed Notifier\notifier.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"EEventManager" - "SEIKO EPSON CORPORATION" - C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
"facemoods" - "facemoods.com" - "C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
"FUFAXSTM" - "SEIKO EPSON CORPORATION" - "C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EpsonNet Print Port" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\enppmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"ewido anti-spyware 4.0 guard" (ewido anti-spyware 4.0 guard) - "Anti-Malware Development a.s." - C:\Programme\ewido anti-spyware 4.0\guard.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und TDSS-Killer

Code:

ATTFilter

22:03:02.0437 2900	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
22:03:02.0609 2900	============================================================
22:03:02.0609 2900	Current date / time: 2012/03/15 22:03:02.0609
22:03:02.0609 2900	SystemInfo:
22:03:02.0609 2900	
22:03:02.0609 2900	OS Version: 5.1.2600 ServicePack: 3.0
22:03:02.0609 2900	Product type: Workstation
22:03:02.0609 2900	ComputerName: DACHGESCHOSS
22:03:02.0609 2900	UserName: Bianca
22:03:02.0609 2900	Windows directory: C:\WINDOWS
22:03:02.0609 2900	System windows directory: C:\WINDOWS
22:03:02.0609 2900	Processor architecture: Intel x86
22:03:02.0609 2900	Number of processors: 1
22:03:02.0609 2900	Page size: 0x1000
22:03:02.0609 2900	Boot type: Normal boot
22:03:02.0609 2900	============================================================
22:03:03.0500 2900	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:03:03.0515 2900	Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:03:03.0515 2900	\Device\Harddisk0\DR0:
22:03:03.0515 2900	MBR used
22:03:03.0515 2900	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFCA613
22:03:03.0531 2900	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFCA691, BlocksNum 0xAFCA613
22:03:03.0546 2900	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15F94CE3, BlocksNum 0x722B9DD
22:03:03.0546 2900	\Device\Harddisk1\DR1:
22:03:03.0546 2900	MBR used
22:03:03.0546 2900	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
22:03:03.0656 2900	Initialize success
22:03:03.0656 2900	============================================================
22:03:47.0718 3420	============================================================
22:03:47.0718 3420	Scan started
22:03:47.0718 3420	Mode: Manual; SigCheck; TDLFS; 
22:03:47.0718 3420	============================================================
22:03:47.0906 3420	Abiosdsk - ok
22:03:47.0953 3420	abp480n5 - ok
22:03:48.0000 3420	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:03:48.0296 3420	ACPI - ok
22:03:48.0375 3420	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:03:48.0531 3420	ACPIEC - ok
22:03:48.0578 3420	adpu160m - ok
22:03:48.0625 3420	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:03:48.0796 3420	aec - ok
22:03:48.0875 3420	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:03:48.0906 3420	AFD - ok
22:03:48.0953 3420	Aha154x - ok
22:03:49.0000 3420	aic78u2 - ok
22:03:49.0046 3420	aic78xx - ok
22:03:49.0109 3420	AliIde - ok
22:03:49.0140 3420	amsint - ok
22:03:49.0218 3420	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:03:49.0390 3420	Arp1394 - ok
22:03:49.0421 3420	asc - ok
22:03:49.0468 3420	asc3350p - ok
22:03:49.0515 3420	asc3550 - ok
22:03:49.0609 3420	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:03:49.0765 3420	AsyncMac - ok
22:03:49.0812 3420	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:03:49.0984 3420	atapi - ok
22:03:50.0015 3420	Atdisk - ok
22:03:50.0093 3420	ati2mtaa        (effa0596bb3097f5dcb80096d0355b01) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
22:03:50.0281 3420	ati2mtaa - ok
22:03:50.0359 3420	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:03:50.0531 3420	Atmarpc - ok
22:03:50.0609 3420	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:03:50.0781 3420	audstub - ok
22:03:50.0828 3420	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:03:50.0984 3420	Beep - ok
22:03:51.0046 3420	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:03:51.0218 3420	cbidf2k - ok
22:03:51.0281 3420	cd20xrnt - ok
22:03:51.0328 3420	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:03:51.0515 3420	Cdaudio - ok
22:03:51.0546 3420	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:03:51.0765 3420	Cdfs - ok
22:03:51.0843 3420	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:03:52.0031 3420	Cdrom - ok
22:03:52.0062 3420	Changer - ok
22:03:52.0125 3420	CmdIde - ok
22:03:52.0218 3420	cmuda           (ddcde8ced6e753f9ebbd07659f808d9d) C:\WINDOWS\system32\drivers\cmuda.sys
22:03:52.0281 3420	cmuda - ok
22:03:52.0390 3420	Cpqarray - ok
22:03:52.0437 3420	dac2w2k - ok
22:03:52.0468 3420	dac960nt - ok
22:03:52.0546 3420	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:03:52.0734 3420	Disk - ok
22:03:52.0828 3420	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:03:53.0046 3420	dmboot - ok
22:03:53.0109 3420	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:03:53.0296 3420	dmio - ok
22:03:53.0343 3420	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:03:53.0515 3420	dmload - ok
22:03:53.0562 3420	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:03:53.0765 3420	DMusic - ok
22:03:53.0812 3420	dpti2o - ok
22:03:53.0859 3420	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:03:54.0046 3420	drmkaud - ok
22:03:54.0156 3420	ewido anti-spyware 4.0 driver (9b6b54865bd0ec9ed2532dad89554969) C:\Programme\ewido anti-spyware 4.0\guard.sys
22:03:54.0171 3420	ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - warning
22:03:54.0171 3420	ewido anti-spyware 4.0 driver - detected UnsignedFile.Multi.Generic (1)
22:03:54.0265 3420	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:03:54.0453 3420	Fastfat - ok
22:03:54.0531 3420	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:03:54.0703 3420	Fdc - ok
22:03:54.0750 3420	FETNDIS         (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
22:03:54.0921 3420	FETNDIS - ok
22:03:55.0000 3420	FETNDISB        (b7186b33b6cf3a23841015531e6e7d68) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
22:03:55.0031 3420	FETNDISB - ok
22:03:55.0093 3420	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:03:55.0265 3420	Fips - ok
22:03:55.0296 3420	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:03:55.0484 3420	Flpydisk - ok
22:03:55.0546 3420	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:03:55.0718 3420	FltMgr - ok
22:03:55.0765 3420	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:03:55.0937 3420	Fs_Rec - ok
22:03:55.0968 3420	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:03:56.0156 3420	Ftdisk - ok
22:03:56.0234 3420	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:03:56.0406 3420	gameenum - ok
22:03:56.0437 3420	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:03:56.0453 3420	GEARAspiWDM - ok
22:03:56.0468 3420	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:03:56.0640 3420	Gpc - ok
22:03:56.0718 3420	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:03:56.0875 3420	HidUsb - ok
22:03:56.0906 3420	hpn - ok
22:03:56.0968 3420	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:03:56.0984 3420	HTTP - ok
22:03:57.0031 3420	i2omgmt - ok
22:03:57.0062 3420	i2omp - ok
22:03:57.0109 3420	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:03:57.0296 3420	i8042prt - ok
22:03:57.0359 3420	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:03:57.0515 3420	Imapi - ok
22:03:57.0546 3420	ini910u - ok
22:03:57.0593 3420	IntelIde - ok
22:03:57.0640 3420	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:03:57.0796 3420	intelppm - ok
22:03:57.0859 3420	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:03:58.0015 3420	ip6fw - ok
22:03:58.0093 3420	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:03:58.0265 3420	IpFilterDriver - ok
22:03:58.0312 3420	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:03:58.0468 3420	IpInIp - ok
22:03:58.0515 3420	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:03:58.0687 3420	IpNat - ok
22:03:58.0765 3420	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:03:58.0921 3420	IPSec - ok
22:03:59.0000 3420	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:03:59.0093 3420	IRENUM - ok
22:03:59.0156 3420	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:03:59.0328 3420	isapnp - ok
22:03:59.0390 3420	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:03:59.0562 3420	Kbdclass - ok
22:03:59.0593 3420	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:03:59.0750 3420	kbdhid - ok
22:03:59.0796 3420	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:03:59.0968 3420	kmixer - ok
22:04:00.0015 3420	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:04:00.0046 3420	KSecDD - ok
22:04:00.0156 3420	Lbd             (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
22:04:00.0671 3420	Lbd - ok
22:04:00.0703 3420	lbrtfdc - ok
22:04:00.0796 3420	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:04:00.0812 3420	MBAMProtector - ok
22:04:00.0875 3420	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:04:01.0046 3420	mnmdd - ok
22:04:01.0093 3420	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:04:01.0234 3420	Modem - ok
22:04:01.0265 3420	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:04:01.0421 3420	Mouclass - ok
22:04:01.0484 3420	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:04:01.0625 3420	mouhid - ok
22:04:01.0671 3420	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:04:01.0843 3420	MountMgr - ok
22:04:01.0890 3420	mraid35x - ok
22:04:01.0906 3420	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:04:02.0062 3420	MRxDAV - ok
22:04:02.0125 3420	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:04:02.0171 3420	MRxSmb - ok
22:04:02.0250 3420	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:04:02.0406 3420	Msfs - ok
22:04:02.0437 3420	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:04:02.0593 3420	MSKSSRV - ok
22:04:02.0656 3420	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:04:02.0796 3420	MSPCLOCK - ok
22:04:02.0828 3420	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:04:02.0968 3420	MSPQM - ok
22:04:03.0031 3420	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:04:03.0187 3420	mssmbios - ok
22:04:03.0218 3420	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:04:03.0343 3420	Mup - ok
22:04:03.0390 3420	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:04:03.0546 3420	NDIS - ok
22:04:03.0609 3420	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:04:03.0765 3420	NdisTapi - ok
22:04:03.0796 3420	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:04:03.0968 3420	Ndisuio - ok
22:04:04.0031 3420	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:04:04.0187 3420	NdisWan - ok
22:04:04.0234 3420	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:04:04.0265 3420	NDProxy - ok
22:04:04.0328 3420	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:04:04.0484 3420	NetBIOS - ok
22:04:04.0562 3420	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:04:04.0718 3420	NetBT - ok
22:04:04.0828 3420	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:04:04.0984 3420	NIC1394 - ok
22:04:05.0031 3420	nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
22:04:05.0156 3420	nm - ok
22:04:05.0203 3420	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:04:05.0359 3420	Npfs - ok
22:04:05.0437 3420	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:04:05.0593 3420	Ntfs - ok
22:04:05.0671 3420	NTSIM           (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\System32\ntsim.sys
22:04:05.0703 3420	NTSIM ( UnsignedFile.Multi.Generic ) - warning
22:04:05.0703 3420	NTSIM - detected UnsignedFile.Multi.Generic (1)
22:04:05.0781 3420	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:04:05.0921 3420	Null - ok
22:04:06.0000 3420	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:04:06.0218 3420	nv - ok
22:04:06.0296 3420	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:04:06.0437 3420	NwlnkFlt - ok
22:04:06.0484 3420	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:04:06.0625 3420	NwlnkFwd - ok
22:04:06.0671 3420	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:04:06.0812 3420	ohci1394 - ok
22:04:06.0859 3420	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:04:07.0000 3420	Parport - ok
22:04:07.0046 3420	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:04:07.0187 3420	PartMgr - ok
22:04:07.0250 3420	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:04:07.0406 3420	ParVdm - ok
22:04:07.0453 3420	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:04:07.0593 3420	PCI - ok
22:04:07.0625 3420	PCIDump - ok
22:04:07.0687 3420	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:04:07.0828 3420	PCIIde - ok
22:04:07.0890 3420	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:04:08.0015 3420	Pcmcia - ok
22:04:08.0062 3420	PDCOMP - ok
22:04:08.0093 3420	PDFRAME - ok
22:04:08.0140 3420	PDRELI - ok
22:04:08.0187 3420	PDRFRAME - ok
22:04:08.0218 3420	perc2 - ok
22:04:08.0250 3420	perc2hib - ok
22:04:08.0375 3420	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:04:08.0500 3420	PptpMiniport - ok
22:04:08.0562 3420	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
22:04:08.0703 3420	Processor - ok
22:04:08.0750 3420	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:04:08.0875 3420	PSched - ok
22:04:08.0937 3420	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:04:09.0078 3420	Ptilink - ok
22:04:09.0125 3420	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:04:09.0125 3420	PxHelp20 - ok
22:04:09.0156 3420	ql1080 - ok
22:04:09.0187 3420	Ql10wnt - ok
22:04:09.0218 3420	ql12160 - ok
22:04:09.0265 3420	ql1240 - ok
22:04:09.0312 3420	ql1280 - ok
22:04:09.0343 3420	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:04:09.0500 3420	RasAcd - ok
22:04:09.0546 3420	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:04:09.0671 3420	Rasl2tp - ok
22:04:09.0703 3420	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:04:09.0843 3420	RasPppoe - ok
22:04:09.0875 3420	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:04:10.0031 3420	Raspti - ok
22:04:10.0078 3420	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:04:10.0218 3420	Rdbss - ok
22:04:10.0281 3420	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:04:10.0421 3420	RDPCDD - ok
22:04:10.0484 3420	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:04:10.0625 3420	rdpdr - ok
22:04:10.0703 3420	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:04:10.0843 3420	RDPWD - ok
22:04:10.0921 3420	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:04:11.0078 3420	redbook - ok
22:04:11.0187 3420	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:04:11.0281 3420	Secdrv - ok
22:04:11.0375 3420	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:04:11.0515 3420	serenum - ok
22:04:11.0546 3420	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:04:11.0671 3420	Serial - ok
22:04:11.0750 3420	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:04:11.0906 3420	Sfloppy - ok
22:04:11.0953 3420	Simbad - ok
22:04:12.0000 3420	Sparrow - ok
22:04:12.0062 3420	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:04:12.0187 3420	splitter - ok
22:04:12.0250 3420	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:04:12.0312 3420	sr - ok
22:04:12.0359 3420	Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
22:04:12.0375 3420	Srv - ok
22:04:12.0406 3420	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:04:12.0593 3420	swenum - ok
22:04:12.0640 3420	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:04:12.0765 3420	swmidi - ok
22:04:12.0796 3420	symc810 - ok
22:04:12.0828 3420	symc8xx - ok
22:04:12.0859 3420	sym_hi - ok
22:04:12.0875 3420	sym_u3 - ok
22:04:12.0921 3420	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:04:13.0046 3420	sysaudio - ok
22:04:13.0125 3420	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:04:13.0156 3420	Tcpip - ok
22:04:13.0218 3420	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:04:13.0359 3420	TDPIPE - ok
22:04:13.0390 3420	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:04:13.0515 3420	TDTCP - ok
22:04:13.0546 3420	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:04:13.0687 3420	TermDD - ok
22:04:13.0734 3420	TosIde - ok
22:04:13.0812 3420	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:04:13.0937 3420	Udfs - ok
22:04:13.0953 3420	ultra - ok
22:04:14.0031 3420	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:04:14.0187 3420	Update - ok
22:04:14.0265 3420	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:04:14.0281 3420	USBAAPL - ok
22:04:14.0328 3420	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:04:14.0453 3420	usbccgp - ok
22:04:14.0500 3420	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:04:14.0640 3420	usbehci - ok
22:04:14.0687 3420	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:04:14.0812 3420	usbhub - ok
22:04:14.0859 3420	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:04:14.0984 3420	usbscan - ok
22:04:15.0031 3420	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:04:15.0171 3420	USBSTOR - ok
22:04:15.0234 3420	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:04:15.0359 3420	usbuhci - ok
22:04:15.0375 3420	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:04:15.0515 3420	VgaSave - ok
22:04:15.0562 3420	viaagp1         (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
22:04:15.0562 3420	viaagp1 - ok
22:04:15.0609 3420	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:04:15.0734 3420	ViaIde - ok
22:04:15.0812 3420	viamraid        (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys
22:04:15.0828 3420	viamraid - ok
22:04:15.0875 3420	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:04:16.0015 3420	VolSnap - ok
22:04:16.0062 3420	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:04:16.0203 3420	Wanarp - ok
22:04:16.0218 3420	WDICA - ok
22:04:16.0265 3420	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:04:16.0406 3420	wdmaud - ok
22:04:16.0546 3420	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:04:16.0562 3420	WpdUsb - ok
22:04:16.0718 3420	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:04:16.0734 3420	WudfPf - ok
22:04:16.0921 3420	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:04:16.0937 3420	WudfRd - ok
22:04:17.0000 3420	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:04:17.0421 3420	\Device\Harddisk0\DR0 - ok
22:04:17.0453 3420	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
22:04:17.0828 3420	\Device\Harddisk1\DR1 ( TDSS File System ) - warning
22:04:17.0828 3420	\Device\Harddisk1\DR1 - detected TDSS File System (1)
22:04:17.0843 3420	Boot (0x1200)   (ac914bb143ad6195b31bb51f6b8a4c5d) \Device\Harddisk0\DR0\Partition0
22:04:17.0843 3420	\Device\Harddisk0\DR0\Partition0 - ok
22:04:17.0875 3420	Boot (0x1200)   (1f13dbf02700bbd348a65aef6cccd0a3) \Device\Harddisk0\DR0\Partition1
22:04:17.0875 3420	\Device\Harddisk0\DR0\Partition1 - ok
22:04:17.0906 3420	Boot (0x1200)   (f83c9920f2930d51cd81779d588e4a4b) \Device\Harddisk0\DR0\Partition2
22:04:17.0906 3420	\Device\Harddisk0\DR0\Partition2 - ok
22:04:17.0953 3420	Boot (0x1200)   (36d824b6768512f27198b260dcc71354) \Device\Harddisk1\DR1\Partition0
22:04:17.0953 3420	\Device\Harddisk1\DR1\Partition0 - ok
22:04:17.0953 3420	============================================================
22:04:17.0953 3420	Scan finished
22:04:17.0953 3420	============================================================
22:04:18.0093 1832	Detected object count: 3
22:04:18.0093 1832	Actual detected object count: 3
22:04:44.0890 1832	ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:44.0890 1832	ewido anti-spyware 4.0 driver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:44.0890 1832	NTSIM ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:44.0890 1832	NTSIM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:44.0906 1832	\Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
22:04:44.0906 1832	\Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

Chris4You · 15.03.2012, 22:25

Hi,

hmm....

Wieviele Partitionen habt Ihr auf Festplatte 1 bzw. 2?

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

chris

Regression · 15.03.2012, 22:49

Bin mir nicht ganz sicher, ob ich verstanden habe, was du mit der Partionierung gemeint hast.
Also ich habe 3 Festplatten (C,D,E) und zusätzlich noch eine (G mit Sicherheitskopien). Alle 4 Sind jedoch nicht noch weiter irgendwie unterteilt, wenn ich das richtig sehe.

Das mit Combofix werde ich dann Morgen in Ruhe machen und vorher wohl nochmal mein Zeugs sichern, wenn ich von dem Risiko bei der Sache lese.
Werde mich dann wieder melden

Chris4You · 15.03.2012, 22:59

Hi,

was mich etwas stutzig macht sind die beiden aktiven MBRs.... und die Meldung vom Killer bezüglich des TDSS-Filesysstems...

Habt Ihr Umleitungen in Google? Das wäre typisch für TDSS...

Normalerweise passiert nichts bei CF, allerdings hatte ich bisher einen Fall wo sich CF und die Malware so in die Haare bekommen haben, dass Windows zerschossen wurde...

Alternativ:
(Weniger gefährlich, läuft allerdings ca. 5-7h, daher jetzt installieren und über Nacht laufen lassen):
Cureit
Folge der Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris

Regression · 16.03.2012, 09:06

Wenn du mit Umleitungen meinst, dass ich, wenn ich auf einen Sucheintrag klicke ganz woanders rauskomme, dann nein. Benutze die Suche nicht so oft, daher habe ich es jetzt nur schnell mal mit einigen Suchbegriffen getestet. Läuft ganz genauso wie sonst auch immer.
EDIT: Oder könnten diese Umleitungen Browserabhängig sein? Benutze den SRWare Iron (Chromium). Ansonsten hätte ich noch FF und IE wenn sich solche Umleitungen da eher zeigen.

Gut also wenn du meinst, dass CureIT genauso effektiv arbeitet, dann würde ich das zuerst ausprobieren wollen (auch wenn ich die Nacht zum laufen lassen jetzt verschlafen hab

). Wenn dabei nichts rauskommt, dann kann ich doch sicher immer noch Combofix machen.

Chris4You · 16.03.2012, 12:09

Hi,

TDDS fängt den gesamten Internetverkehr ab, daher ist es egal welcher Browser...

Lass CureIT los, CF ggf. dann später...

chris

Regression · 16.03.2012, 21:14

So hier nun das Ergebnis:

Code:

ATTFilter

facemoodssrv.exe;c:\programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.3;Verschoben.;
DriverScanner.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Adware.Downware.21;Verschoben.;
WebInstaller.exe;C:\Dokumente und Einstellungen\Bianca\Eigene Dateien\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
uninstall.exe;C:\Programme\facemoods.com\facemoods\1.4.17.11;Adware.Funmoods.2;Verschoben.;
A0136753.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;BackDoor.Bebloh.2;Gelöscht.;
A0149628.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.3;Verschoben.;
A0149629.exe;C:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Funmoods.2;Verschoben.;
DriverScanner.exe;G:\Sicherung 16.2.2012\Downloads;Program.Uniblue.7;;
SoftonicDownloader_for_last-fm-scrobbler.exe;G:\Sicherung 16.2.2012\Downloads;Adware.Downware.21;Verschoben.;
WebInstaller.exe;G:\Sicherung 16.2.2012\Downloads;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
A0136754.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136755.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136756.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136757.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0136758.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP598;Trojan.Damaged.1;Gelöscht.;
A0143065.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143137.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0143473.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Program.Uniblue.7;;
A0143550.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0143580.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;
A0149630.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Adware.Downware.21;Verschoben.;
A0149631.exe;G:\System Volume Information\_restore{95ACFC74-F860-41B3-8ED2-2DA1E609C344}\RP599;Trojan.DownLoader5.52228;Nicht desinfizierbar.Verschoben.;

Hoffe das Ergebnis ist brauchbar und hilft weiter

Ukash Bundespolizeivirus paysafecard (auf Windows XP)

Plagegeister aller Art und deren Bekämpfung: Ukash Bundespolizeivirus paysafecard (auf Windows XP)