Anzeige des Befalls und Zahlung von 50 Euro für Lösung /VIRUS oder TROJANER ?

jonastamtam · 27.03.2012, 22:58

hallo,
ich bin neu hier und hab vorhin in ein paar bildern von mir auf dem PC gestöbert (nicht im internet) als plötzlich der bildschirm schwarz wird und ein bild aufflackert, wo beschrieben wird, dass mein system befallen ist und ich doch 50 euro zahlen soll. hab dann per handy im internet gegoogelt und rausgefunden, dass das ein virus oder trojaner ist.

bin nun im sicherheitsmodus hochgefahren, hab ein ibm thinkpad t43, windows xp, antivir als virenprogramm laufen (was anscheinend nichts bringt außer einen befall zu finden und nicht zu verhindern, wenn überhaupt).

hab hier im forum schon diesbezüglich (wegen dem "50 euro virus") gesucht und schonmal ein malwaresuchlauf machen lassen:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.27.06

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Administrator :: HB-9EE820F11D78 [Administrator]

27.03.2012 22:45:55
mbam-log-2012-03-27 (23-45-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305111
Laufzeit: 58 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\System Volume Information\_restore{58FEB0D7-1432-4307-A138-CE3BD831DAF1}\RP176\A0026579.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{58FEB0D7-1432-4307-A138-CE3BD831DAF1}\RP206\A0030529.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Documents and Settings\Helga\Local Settings\Temp\cgs8h0.exe (Exploit.Drop) -> Keine Aktion durchgeführt.

(Ende)

Hoffe man kann den PC noch retten?!
Danke schonmal im voraus für eure Hilfe, bin echt verzweifelt...

Hab heut morgen nochmal die schritte durchlaufen lassen für hilfesuchende, da es gestern nacht bissl spät wurde dafür.
hier nochmal die dds-logfiles und gmer-logfiles:

Code:

ATTFilter

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_30
Run by Administrator at 8:03:10 on 2012-03-28
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.2038.1529 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [ Malwarebytes Anti-Malware ] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7A5EE647-1AD6-4D7A-ADF5-960DF9379868} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E42D4318-3302-45DB-95D5-A53926E980E5} : DhcpNameServer = 139.7.30.125 139.7.30.126
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\stejxxu1.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
S0 cerc6;cerc6; [x]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-24 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-24 86224]
S2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-24 110032]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-24 74640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\netzmanager\nminfrais2\Netzmanager_Service.exe [2010-3-22 9728]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-28 9728]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-12-28 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-12-28 105088]
.
=============== Created Last 30 ================
.
2012-03-27 20:44:11	--------	d-----w-	c:\documents and settings\administrator\application data\Malwarebytes
2012-03-27 20:43:53	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 20:43:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-27 20:43:53	--------	d-----w-	c:\documents and settings\all users\application data\Malwarebytes
2012-03-27 20:36:11	--------	d-----w-	c:\documents and settings\administrator\local settings\application data\Mozilla
2012-03-27 20:30:35	--------	d-----w-	c:\documents and settings\administrator\application data\Avira
2012-03-27 20:24:02	--------	d-----w-	c:\documents and settings\administrator\local settings\application data\Microsoft Help
2012-03-27 20:24:02	--------	d-----w-	c:\documents and settings\administrator\application data\Intel
2012-03-27 20:21:22	--------	d-----w-	c:\program files\SFT_de3
2012-03-27 19:33:34	--------	d-sh--w-	c:\documents and settings\administrator\IETldCache
2012-03-27 19:33:34	--------	d-----w-	c:\documents and settings\administrator\local settings\application data\Microsoft
2012-03-27 19:33:34	--------	d-----w-	c:\documents and settings\administrator\local settings\application data\Adobe
2012-03-22 19:12:12	4435968	----a-w-	c:\windows\system32\GPhotos.scr
2012-03-18 13:06:26	592824	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 13:06:26	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-02 20:22:49	37888	-c--a-w-	c:\windows\system32\dllcache\bthmodem.sys
2012-03-02 20:22:49	37888	----a-w-	c:\windows\system32\drivers\bthmodem.sys
2012-03-02 20:17:50	101120	-c--a-w-	c:\windows\system32\dllcache\bthpan.sys
2012-03-02 20:17:50	101120	----a-w-	c:\windows\system32\drivers\bthpan.sys
2012-03-02 20:17:32	59136	-c--a-w-	c:\windows\system32\dllcache\rfcomm.sys
2012-03-02 20:17:32	59136	----a-w-	c:\windows\system32\drivers\rfcomm.sys
2012-03-02 20:17:32	17024	-c--a-w-	c:\windows\system32\dllcache\bthenum.sys
2012-03-02 20:17:32	17024	----a-w-	c:\windows\system32\drivers\BthEnum.sys
2012-03-02 20:15:10	18944	-c--a-w-	c:\windows\system32\dllcache\bthusb.sys
2012-03-02 20:15:10	18944	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
.
==================== Find3M  ====================

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-28 08:50:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9AT00 rev.MB4IA60A
Running: xp1vycjb.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgadqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

?               C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys                                                       The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                          mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4d43819                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4d43819@b8f934212919         0xA0 0xEC 0x8F 0x9B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a4d43819 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a4d43819@b8f934212919             0xA0 0xEC 0x8F 0x9B ...

Hoffe das nun alles hilfreiche meinerseits gepostet wurde.

sry dass das nun alles so nacheinander reinschwappt, aber bin bissl angepisst wegen dem ganzen scheiss (viren aufm pc etc..) und daher etwas unausgeglichen, jedenfalls hier noch der OTL-log von eben:

Code:

ATTFilter

OTL logfile created on: 28.03.2012 09:13:38 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,16% Memory free
3,84 Gb Paging File | 3,55 Gb Available in Paging File | 92,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 38,63 Gb Free Space | 51,83% Space Free | Partition Type: NTFS
 
Computer Name: HB-9EE820F11D78 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (mbr) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (kgadqpod) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgadqpod.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 21:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.27 22:17:11 | 000,000,000 | ---D | M]
 
[2012.03.27 22:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.03.27 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 15:06:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 14:07:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 14:07:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 14:07:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 14:07:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 21:45:17 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.02.12 14:07:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 14:07:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A5EE647-1AD6-4D7A-ADF5-960DF9379868}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42D4318-3302-45DB-95D5-A53926E980E5}: DhcpNameServer = 139.7.30.125 139.7.30.126
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.29 23:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012.03.27 22:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.03.27 22:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.03.27 22:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012.03.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012.03.27 22:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012.03.27 22:24:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012.03.27 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\SFT_de3
[2012.03.27 21:33:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012.03.27 21:33:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.03.22 21:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2012.03.02 22:22:49 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2012.03.02 22:17:50 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2012.03.02 22:17:32 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2012.03.02 22:17:32 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2012.03.02 22:15:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011.12.09 19:34:35 | 018,907,104 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Program Files\FreeYouTubeDownload3019.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 07:57:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:38 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.28 07:37:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.28 07:36:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.27 22:43:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 21:24:06 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3398558F-9866-4456-8AF5-1436ACB4B580}.job
[2012.03.26 15:40:09 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.26 11:15:13 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 11:15:11 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.25 12:42:34 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 12:42:34 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.22 21:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 07:57:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:36 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.27 22:43:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 21:33:34 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012.03.27 21:33:34 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012.03.26 15:40:09 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 12:04:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.06 15:50:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.09 00:10:46 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.05.13 19:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.13 19:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.13 18:55:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.13 17:10:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.13 17:03:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

< End of report >

cosinus · 28.03.2012, 15:18

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

jonastamtam · 28.03.2012, 17:37

Hab alles so gemacht wie beschrieben, hier das log von ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d12082f141b67f4b8e57e456f91c1426
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 04:32:04
# local_time=2012-03-28 06:32:04 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777175 100 0 13466238 13466238 0 0
# compatibility_mode=8192 67108863 100 0 375 375 0 0
# scanned=106344
# found=4
# cleaned=0
# scan_time=4347
C:\Documents and Settings\Helga\Application Data\Sun\Java\Deployment\cache\6.0\10\3adf4c8a-3d167e36	Java/Exploit.CVE-2012-0507.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Helga\Local Settings\Application Data\Skype\SkypePM.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Helga\Local Settings\Temp\cgs8h0.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\Helga\My Documents\My Pictures\Downloads\SoftonicDownloader_fuer_windows-live-messenger.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

cosinus · 28.03.2012, 20:29

Geht der normale Modus inzwischen wieder?

jonastamtam · 28.03.2012, 20:30

Hab ich noch nicht getestet, aber werd ich jetzt machen und berichten, ob das mit dem fehler noch aufflackert. Bis gleich.

Fehler ist noch da, allerdings hab ich ja noch nichts viel gemacht außer nach den Fehlern zu suchen, wie gesagt. also nichts gelöscht oder geändert.

Also Hochfahren ohne safe mode ist kein ding, allerdings ploppt dann halt einfach das schwarze fenster wieder auf mit der warnung, dass viren etc aufm pc sind und ich 50 flocken blechen soll etc...

Ok, aktueller Stand ist, dass ich nochmal maleware hab durchlaufen lassen und danach gab es keine probleme mehr im normalen Modus. bin allerdings danach wieder in den safe mode um weiteren befall zu vermeiden.
hier ist von heut morgen nochmal der aktuelle log von maleware:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.02

Windows XP Service Pack 3 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.18702
Administrator :: HB-9EE820F11D78 [Administrator]

29.03.2012 08:41:24
mbam-log-2012-03-29 (08-41-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 305882
Laufzeit: 56 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Documents and Settings\Helga\Local Settings\Application Data\Skype\SkypePM.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Documents and Settings\Helga\Local Settings\Temp\cgs8h0.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{58FEB0D7-1432-4307-A138-CE3BD831DAF1}\RP176\A0026579.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{58FEB0D7-1432-4307-A138-CE3BD831DAF1}\RP206\A0029573.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{58FEB0D7-1432-4307-A138-CE3BD831DAF1}\RP206\A0030529.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

hab die 5 sachen gelöscht und system neu gestartet, danach ploppte nix mehr auf und hat sich auch nichts nochmal gemeldet, bin dann off und im safe-mode wieder rein.

sry wenn ich vielleicht irgendwas vorweg nehme oder zu schnell bin, hab jedenfalls nochmal ein aktuellen OTL-durchlauf machen lassen.
hier das log von heute:

Code:

ATTFilter

OTL logfile created on: 29.03.2012 11:05:15 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 81,79% Memory free
3,84 Gb Paging File | 3,67 Gb Available in Paging File | 95,56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 37,13 Gb Free Space | 49,82% Space Free | Partition Type: NTFS
 
Computer Name: HB-9EE820F11D78 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 21:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.27 22:17:11 | 000,000,000 | ---D | M]
 
[2012.03.27 22:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.03.27 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 15:06:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 14:07:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 14:07:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 14:07:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 14:07:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 21:45:17 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.02.12 14:07:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 14:07:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A5EE647-1AD6-4D7A-ADF5-960DF9379868}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42D4318-3302-45DB-95D5-A53926E980E5}: DhcpNameServer = 139.7.30.125 139.7.30.126
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.29 23:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.28 17:15:24 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.28 09:00:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012.03.27 22:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.03.27 22:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.03.27 22:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012.03.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012.03.27 22:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012.03.27 22:24:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012.03.27 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\SFT_de3
[2012.03.27 21:33:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012.03.27 21:33:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.03.22 21:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2012.03.02 22:22:49 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2012.03.02 22:17:50 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2012.03.02 22:17:32 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2012.03.02 22:17:32 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2012.03.02 22:15:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011.12.09 19:34:35 | 018,907,104 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Program Files\FreeYouTubeDownload3019.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 10:45:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.29 10:44:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.29 10:43:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3398558F-9866-4456-8AF5-1436ACB4B580}.job
[2012.03.28 17:15:27 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.28 09:00:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.03.28 07:57:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:38 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.27 22:43:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.26 15:40:09 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.26 11:15:13 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 11:15:11 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.25 12:42:34 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 12:42:34 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.22 21:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 07:57:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:36 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.27 22:43:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 21:33:34 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012.03.27 21:33:34 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012.03.26 15:40:09 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 12:04:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.06 15:50:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.09 00:10:46 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.05.13 19:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.13 19:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.13 18:55:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.13 17:10:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.13 17:03:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

< End of report >

Hoffe mal dass sich das problem bald erledigt hat

cosinus · 29.03.2012, 12:09

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

jonastamtam · 29.03.2012, 16:18

ok danke, werd ich machen, weiß nicht wie lang das dauert aber werds noch heute durchführen und txt posten. soll ich das dann auch ganz normal im safe-mode durchführen oder soll ich das schon im normalen mode machen, da der fehler zwar nicht mehr kommt, aber ich nicht weiß ob ich dem internetzugang im normal-mode trauen kann? danke im voraus

so hab den benutzerdefinierten scan gemacht wie beschrieben. hier der OTL.log:

Code:

ATTFilter

OTL logfile created on: 29.03.2012 17:29:34 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 87,83% Memory free
3,84 Gb Paging File | 3,78 Gb Available in Paging File | 98,32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 37,13 Gb Free Space | 49,82% Space Free | Partition Type: NTFS
 
Computer Name: HB-9EE820F11D78 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1060284298-1677128483-1644491937-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 21:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.27 22:17:11 | 000,000,000 | ---D | M]
 
[2012.03.27 22:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.03.27 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 15:06:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 14:07:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 14:07:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 14:07:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 14:07:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 21:45:17 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.02.12 14:07:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 14:07:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1677128483-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A5EE647-1AD6-4D7A-ADF5-960DF9379868}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42D4318-3302-45DB-95D5-A53926E980E5}: DhcpNameServer = 139.7.30.125 139.7.30.126
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.29 23:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Documents and Settings^Helga^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= -  File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= -  File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: SoundMAX - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SystemTray - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.28 17:15:24 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.28 09:00:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012.03.27 22:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.03.27 22:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.03.27 22:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012.03.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012.03.27 22:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012.03.27 22:24:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012.03.27 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\SFT_de3
[2012.03.27 21:33:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012.03.27 21:33:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.12.09 19:34:35 | 018,907,104 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Program Files\FreeYouTubeDownload3019.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 17:23:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.29 17:23:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.29 10:43:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3398558F-9866-4456-8AF5-1436ACB4B580}.job
[2012.03.28 17:15:27 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.28 09:00:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.03.28 07:57:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:38 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.27 22:43:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.26 15:40:09 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.26 11:15:13 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 11:15:11 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.25 12:42:34 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 12:42:34 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 07:57:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:36 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.27 22:43:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 21:33:34 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012.03.27 21:33:34 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012.03.26 15:40:09 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 12:04:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.06 15:50:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.09 00:10:46 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.05.13 19:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.13 19:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.13 18:55:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.13 17:10:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.13 17:03:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2011.09.01 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011.07.22 17:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010.10.31 11:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netzmanager
[2010.12.28 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.09.18 13:46:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2011.09.01 12:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\Babylon
[2011.12.12 20:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\DVDVideoSoft
[2011.11.21 22:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\DVDVideoSoftIEHelpers
[2011.11.02 13:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\Fotobuchexpress24
[2011.11.01 13:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\Imaxel
[2011.04.04 13:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\OpenOffice.org
[2011.08.03 07:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\PriceGong
[2011.03.19 12:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\Simfy
[2012.01.10 10:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\toolplugin
[2010.12.28 21:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helga\Application Data\Vodafone
[2010.12.28 21:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2012.03.29 10:43:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3398558F-9866-4456-8AF5-1436ACB4B580}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.03.27 22:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011.10.24 20:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.09.01 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011.12.23 21:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010.12.28 21:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012.03.27 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.05.13 17:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2012.03.27 22:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.07.22 16:37:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012.03.29 10:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011.07.29 16:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011.07.22 17:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011.11.18 11:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010.10.31 11:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netzmanager
[2011.08.04 17:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.03.18 19:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.12.28 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010.05.13 19:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010.09.18 13:46:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.03.22 17:38:12 | 003,586,031 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH                                                                                                                                                                                                                                                              ) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Netzmanager1.045.1230_100322a.exe
[2005.09.23 07:01:16 | 000,609,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 2.0\mDotNet.dll\install.exe
[2006.10.30 03:25:56 | 000,099,600 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\NETFX3\Win\Microsoft.NET\Framework\URTInstallPath\CSetupMM\DeleteTemp.exe
[2006.10.30 03:25:54 | 000,194,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\NETFX3\Win\Microsoft.NET\Framework\URTInstallPath\CSetupMM\RebootStub.exe
[2006.10.30 03:25:56 | 000,167,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\NETFX3\Win\Microsoft.NET\Framework\URTInstallPath\CSetupMM\runmsi.exe
[2006.10.30 03:25:56 | 000,365,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\NETFX3\Win\Microsoft.NET\Framework\URTInstallPath\CSetupMM\setup.exe
[2006.10.30 03:25:56 | 000,626,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WCF_x86\Win\Microsoft.NET\Framework\URTInstallPath\CSetupMM\install.exe
[2006.10.30 03:34:02 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WCF_x86\Win\Microsoft.NET\Framework\v3.0\WCF\ComSvcConfig.exe
[2006.10.30 03:33:58 | 000,741,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WCF_x86\Win\Microsoft.NET\Framework\v3.0\WCF\infocard.exe
[2006.10.30 03:34:02 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WCF_x86\Win\Microsoft.NET\Framework\v3.0\WCF\ServiceModelReg.exe
[2006.10.30 03:34:02 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WCF_x86\Win\Microsoft.NET\Framework\v3.0\WCF\SMSvcHost.exe
[2006.10.30 03:34:02 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WCF_x86\Win\Microsoft.NET\Framework\v3.0\WCF\WsatConfig.exe
[2006.10.30 03:33:58 | 000,556,296 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WCF_x86\Win\System\icardagt.exe
[2006.07.25 21:32:00 | 000,014,648 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\Wf_x86\Files\PerformanceCounterInstaller.exe
[2006.10.17 02:10:58 | 000,221,488 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WIC\spuninst.exe
[2006.10.17 02:10:58 | 000,023,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WIC\spupdsvc.exe
[2006.10.17 02:10:58 | 000,742,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WIC\update\update.exe
[2006.10.20 21:21:24 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WPF_x86\PresentationFontCache.exe
[2006.10.20 21:29:58 | 000,344,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WPF_x86\PresentationHost.exe
[2006.10.20 21:21:26 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WPF_x86\XamlViewer_v0300.exe
[2006.10.20 21:29:54 | 000,304,928 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\WPF_x86\XPSViewer.exe
[2006.10.15 02:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\XPS\printfilterpipelinesvc.exe
[2006.06.29 23:07:36 | 000,213,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\XPS\spuninst.exe
[2006.06.29 23:07:36 | 000,022,752 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\XPS\spupdsvc.exe
[2006.06.29 23:07:36 | 000,716,000 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Microsoft .NET Framework 3.0\mFileBagIDE.dll\bag\XPS\update\update.exe
[2010.03.22 17:19:05 | 000,038,912 | ---- | M] (Deutsche Telekom AG) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\OFFLINE\5403D92B\86C0540D\LocalShareAdmin.exe
[2010.03.22 17:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\OFFLINE\EE27AF34\86C0540D\netzmanager.exe
[2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\OFFLINE\F_\TAHMInstall\Netzmanager\bin\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
[2010.03.22 17:19:06 | 000,028,672 | ---- | M] (Deutsche Telekom AG) -- C:\Documents and Settings\All Users\Application Data\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\OFFLINE\F7E47DAD\86C0540D\NMAppAdmin.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\18915\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\18915\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\18915\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\18915\ReaderUpdater.exe
[2012.01.03 19:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-A95000000001}\Setup.exe
[2011.12.23 21:46:58 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
[2011.12.23 21:47:00 | 000,057,591 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010.11.20 12:28:20 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
[2010.11.20 12:28:20 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
[2011.12.23 21:47:03 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
[2011.12.23 21:47:08 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2011.12.23 21:47:02 | 000,062,879 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
[2011.12.23 21:47:04 | 000,057,275 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
[2011.12.23 21:47:05 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
[2011.12.23 21:47:06 | 000,057,037 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
[2010.11.20 12:28:07 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
[2011.12.23 21:46:55 | 000,061,667 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2011.12.23 21:46:57 | 000,063,228 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\OVSHelper\Uninstaller.exe
[2010.11.20 12:28:49 | 000,057,736 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe
[2010.11.20 12:28:01 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010.11.20 12:26:08 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2011.12.23 21:45:25 | 000,927,072 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010.11.20 12:28:16 | 000,054,644 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
[2010.11.20 12:28:24 | 000,084,038 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
[2011.12.23 21:47:07 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010.11.20 12:28:54 | 000,056,997 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
[2011.08.03 07:22:43 | 000,527,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
 
< %APPDATA%\*. >
[2012.03.28 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012.03.27 22:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012.03.27 22:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2011.03.19 12:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012.03.27 22:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.03.27 22:31:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012.03.27 22:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
 
< %APPDATA%\*.exe /s >
[2011.11.02 13:25:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.04.14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008.10.13 09:14:18 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) MD5=1ED718CA8A8B3F5AB77416A873C2BF9D -- C:\WINDOWS\Dell\ATI\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 09:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 09:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\Dell\Intel\IaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2008.01.21 15:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 09:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 09:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 09:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 09:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 09:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 09:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 09:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 09:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 09:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.05.13 18:53:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.05.13 18:53:04 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.05.13 18:53:03 | 000,917,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

und noch der normale OTL-scan.log:

Code:

ATTFilter

OTL logfile created on: 29.03.2012 17:45:53 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 84,05% Memory free
3,84 Gb Paging File | 3,73 Gb Available in Paging File | 97,01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 37,13 Gb Free Space | 49,82% Space Free | Partition Type: NTFS
 
Computer Name: HB-9EE820F11D78 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.27 21:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.27 22:17:11 | 000,000,000 | ---D | M]
 
[2012.03.27 22:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.03.27 22:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 15:06:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 14:07:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 14:07:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.12 14:07:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 14:07:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 21:45:17 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.02.12 14:07:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 14:07:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A5EE647-1AD6-4D7A-ADF5-960DF9379868}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42D4318-3302-45DB-95D5-A53926E980E5}: DhcpNameServer = 139.7.30.125 139.7.30.126
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.29 23:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.28 17:15:24 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.28 09:00:51 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012.03.28 08:03:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012.03.27 22:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.03.27 22:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.27 22:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.03.27 22:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012.03.27 22:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012.03.27 22:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012.03.27 22:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012.03.27 22:24:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012.03.27 22:24:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012.03.27 22:24:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012.03.27 22:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012.03.27 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\SFT_de3
[2012.03.27 21:33:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012.03.27 21:33:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012.03.27 21:33:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012.03.27 21:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012.03.27 21:33:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.03.22 21:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2012.03.02 22:22:49 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2012.03.02 22:17:50 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2012.03.02 22:17:32 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2012.03.02 22:17:32 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2012.03.02 22:15:10 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011.12.09 19:34:35 | 018,907,104 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Program Files\FreeYouTubeDownload3019.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 17:23:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.29 17:23:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.29 10:43:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3398558F-9866-4456-8AF5-1436ACB4B580}.job
[2012.03.28 17:15:27 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.28 09:00:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.03.28 07:57:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:38 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.27 22:43:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.26 15:40:09 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.26 11:15:13 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 11:15:11 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.25 12:42:34 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.03.25 12:42:34 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.03.22 21:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 07:57:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012.03.28 07:42:36 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120328_074233.reg
[2012.03.27 22:43:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 21:33:34 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012.03.27 21:33:34 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012.03.26 15:40:09 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.15 12:04:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.06 15:50:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.11.09 00:10:46 | 000,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.05.13 19:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.13 19:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.13 18:55:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.13 17:10:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.13 17:03:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

< End of report >

hoffe es war alles so richtig, verwundert bin ich allerdings dass mir immer beim OTL log angezeigt wird, dass bei prozessen die grad aktiv sind der explorer läuft, hab ja eigentlich keine programme am laufen außer OTL. ist das so normal? hoffe dass das keine all zu blöde frage ist

Danke schonmal im voraus für deine Hilfe !! echt klasse

cosinus · 29.03.2012, 19:33

Der normale Modus geht aber schon noch vernünftig?
Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

jonastamtam · 29.03.2012, 20:05

also ich bin eben nochmal im normal-modus gegangen und es ist alles so wie vor dem 50 euro-trojaner/virus befall. leere ordner, zeug das ich nicht kenne gibt es nicht, hab auch paar sachen geöffnet, um zu gucken ob das geht etc.
läuft alles normal.

bin jetzt allerdings noch im save-mode um mögliche rückfälle beim downloaden von scan-programmen oder durch benutzung des i-nets/anderen programmen nicht irgendwelche neuen fehler aufzurufen, bevor nicht von deiner seite aus klar ist, dass wieder alles soweit ok ist oder ich jetzt explizit nurnoch den normal-modus benutzen soll.

cosinus · 29.03.2012, 20:37

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1677128483-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.29 23:00:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2011.09.01 12:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

jonastamtam · 29.03.2012, 21:14

hab alles gemacht wie beschrieben, aber nachdem otl den fix hat durchlaufen lassen wurde ich aufgefordert, das system neu zu starten um den löschvorgang zu komplettieren. ein log-file gab es allerdings nicht ?! soll ich OTL einfach nochmal so durchlaufen lassen? oder wird das file noch irgendwo anders automatisch gespeichert? hab nichts gefunden nach dem neustart...sry

ok gab doch ein logfile nachdem ich OTL nochmal geöffnet hab, hehe

hier die OTL-file

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-1677128483-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 5175157 bytes
->Temporary Internet Files folder emptied: 1278831 bytes
->FireFox cache emptied: 96960630 bytes
->Flash cache emptied: 57090 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Helga
->Temp folder emptied: 822793 bytes
->Temporary Internet Files folder emptied: 6115561 bytes
->Java cache emptied: 14319 bytes
->FireFox cache emptied: 1468121107 bytes
->Flash cache emptied: 2024637 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 279033 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 107133590 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.615,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Helga
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_214751

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 29.03.2012, 21:39

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

jonastamtam · 29.03.2012, 21:58

hab den killer durchlaufen lassen, gab keine probleme. hier das log-file

Code:

ATTFilter

22:53:30.0062 0652	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:53:30.0218 0652	============================================================
22:53:30.0218 0652	Current date / time: 2012/03/29 22:53:30.0218
22:53:30.0218 0652	SystemInfo:
22:53:30.0218 0652	
22:53:30.0218 0652	OS Version: 5.1.2600 ServicePack: 3.0
22:53:30.0218 0652	Product type: Workstation
22:53:30.0218 0652	ComputerName: HB-9EE820F11D78
22:53:30.0218 0652	UserName: Helga
22:53:30.0218 0652	Windows directory: C:\WINDOWS
22:53:30.0218 0652	System windows directory: C:\WINDOWS
22:53:30.0218 0652	Processor architecture: Intel x86
22:53:30.0218 0652	Number of processors: 1
22:53:30.0218 0652	Page size: 0x1000
22:53:30.0218 0652	Boot type: Normal boot
22:53:30.0218 0652	============================================================
22:53:32.0250 0652	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:53:32.0250 0652	\Device\Harddisk0\DR0:
22:53:32.0250 0652	MBR used
22:53:32.0250 0652	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E0D1
22:53:32.0515 0652	Initialize success
22:53:32.0515 0652	============================================================
22:53:57.0781 2000	============================================================
22:53:57.0781 2000	Scan started
22:53:57.0781 2000	Mode: Manual; SigCheck; TDLFS; 
22:53:57.0781 2000	============================================================
22:53:58.0078 2000	Abiosdsk - ok
22:53:58.0093 2000	abp480n5 - ok
22:53:58.0171 2000	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:53:59.0921 2000	ACPI - ok
22:54:00.0125 2000	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:54:00.0296 2000	ACPIEC - ok
22:54:00.0312 2000	adpu160m - ok
22:54:00.0406 2000	aeaudio         (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
22:54:00.0500 2000	aeaudio - ok
22:54:00.0578 2000	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:54:00.0812 2000	aec - ok
22:54:00.0859 2000	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:54:00.0937 2000	AFD - ok
22:54:00.0937 2000	Aha154x - ok
22:54:00.0953 2000	aic78u2 - ok
22:54:00.0968 2000	aic78xx - ok
22:54:01.0015 2000	Alerter         (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:54:01.0140 2000	Alerter - ok
22:54:01.0171 2000	ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:54:01.0234 2000	ALG - ok
22:54:01.0406 2000	AliIde - ok
22:54:01.0421 2000	amsint - ok
22:54:01.0609 2000	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:54:01.0640 2000	AntiVirSchedulerService - ok
22:54:01.0703 2000	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:54:01.0718 2000	AntiVirService - ok
22:54:01.0750 2000	AppMgmt         (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:54:01.0843 2000	AppMgmt - ok
22:54:01.0859 2000	asc - ok
22:54:01.0875 2000	asc3350p - ok
22:54:01.0890 2000	asc3550 - ok
22:54:02.0000 2000	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:54:02.0062 2000	aspnet_state - ok
22:54:02.0109 2000	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:54:02.0328 2000	AsyncMac - ok
22:54:02.0406 2000	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:54:02.0562 2000	atapi - ok
22:54:02.0781 2000	Atdisk - ok
22:54:02.0812 2000	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:54:03.0062 2000	Atmarpc - ok
22:54:03.0093 2000	AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:54:03.0218 2000	AudioSrv - ok
22:54:03.0250 2000	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:54:03.0390 2000	audstub - ok
22:54:03.0421 2000	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:54:03.0468 2000	avgntflt - ok
22:54:03.0484 2000	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:54:03.0500 2000	avipbb - ok
22:54:03.0531 2000	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:54:03.0546 2000	avkmgr - ok
22:54:03.0640 2000	b57w2k          (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:54:03.0687 2000	b57w2k - ok
22:54:03.0750 2000	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:54:03.0859 2000	Beep - ok
22:54:03.0937 2000	BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:54:04.0218 2000	BITS - ok
22:54:04.0406 2000	Browser         (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:54:04.0531 2000	Browser - ok
22:54:04.0609 2000	BthEnum         (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:54:04.0718 2000	BthEnum - ok
22:54:04.0750 2000	BTHMODEM        (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
22:54:04.0937 2000	BTHMODEM - ok
22:54:04.0968 2000	BthPan          (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
22:54:05.0078 2000	BthPan - ok
22:54:05.0171 2000	BTHPORT         (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
22:54:05.0250 2000	BTHPORT - ok
22:54:05.0296 2000	BthServ         (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
22:54:05.0421 2000	BthServ - ok
22:54:05.0453 2000	BTHUSB          (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
22:54:05.0578 2000	BTHUSB - ok
22:54:05.0625 2000	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:54:05.0796 2000	cbidf2k - ok
22:54:05.0906 2000	cd20xrnt - ok
22:54:05.0968 2000	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:54:06.0125 2000	Cdaudio - ok
22:54:06.0156 2000	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:54:06.0296 2000	Cdfs - ok
22:54:06.0359 2000	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:54:06.0546 2000	Cdrom - ok
22:54:06.0562 2000	cerc6 - ok
22:54:06.0578 2000	Changer - ok
22:54:06.0609 2000	CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:54:06.0812 2000	CiSvc - ok
22:54:06.0859 2000	ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:54:07.0046 2000	ClipSrv - ok
22:54:07.0156 2000	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:07.0218 2000	clr_optimization_v2.0.50727_32 - ok
22:54:07.0265 2000	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:54:07.0453 2000	CmBatt - ok
22:54:07.0468 2000	CmdIde - ok
22:54:07.0484 2000	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:54:07.0671 2000	Compbatt - ok
22:54:07.0687 2000	COMSysApp - ok
22:54:07.0703 2000	Cpqarray - ok
22:54:07.0765 2000	CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:54:07.0953 2000	CryptSvc - ok
22:54:08.0156 2000	dac2w2k - ok
22:54:08.0171 2000	dac960nt - ok
22:54:08.0234 2000	DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:54:08.0375 2000	DcomLaunch - ok
22:54:08.0406 2000	Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:54:08.0609 2000	Dhcp - ok
22:54:08.0687 2000	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:54:08.0937 2000	Disk - ok
22:54:08.0953 2000	dmadmin - ok
22:54:09.0031 2000	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:54:09.0218 2000	dmboot - ok
22:54:09.0390 2000	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:54:09.0531 2000	dmio - ok
22:54:09.0578 2000	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:54:09.0796 2000	dmload - ok
22:54:09.0843 2000	dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:54:10.0046 2000	dmserver - ok
22:54:10.0109 2000	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:54:10.0296 2000	DMusic - ok
22:54:10.0375 2000	Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:54:10.0468 2000	Dnscache - ok
22:54:10.0531 2000	Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:54:10.0734 2000	Dot3svc - ok
22:54:10.0734 2000	dpti2o - ok
22:54:10.0781 2000	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:54:10.0953 2000	drmkaud - ok
22:54:11.0187 2000	EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:54:11.0390 2000	EapHost - ok
22:54:11.0437 2000	ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:54:11.0640 2000	ERSvc - ok
22:54:11.0687 2000	Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:54:11.0734 2000	Eventlog - ok
22:54:11.0812 2000	EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:54:11.0843 2000	EventSystem - ok
22:54:12.0046 2000	EvtEng          (53cca6b4df0977074e85c9a18f42b5cc) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:54:12.0125 2000	EvtEng - ok
22:54:12.0328 2000	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:54:12.0593 2000	Fastfat - ok
22:54:12.0703 2000	FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:12.0765 2000	FastUserSwitchingCompatibility - ok
22:54:12.0812 2000	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:54:12.0937 2000	Fdc - ok
22:54:12.0953 2000	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:54:13.0062 2000	Fips - ok
22:54:13.0093 2000	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:54:13.0218 2000	Flpydisk - ok
22:54:13.0296 2000	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:54:13.0453 2000	FltMgr - ok
22:54:13.0640 2000	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:54:13.0656 2000	FontCache3.0.0.0 - ok
22:54:13.0828 2000	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:54:13.0968 2000	Fs_Rec - ok
22:54:14.0046 2000	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:54:14.0250 2000	Ftdisk - ok
22:54:14.0343 2000	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:54:14.0453 2000	Gpc - ok
22:54:14.0609 2000	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:14.0625 2000	gupdate - ok
22:54:14.0625 2000	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:14.0640 2000	gupdatem - ok
22:54:14.0671 2000	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:54:14.0687 2000	gusvc - ok
22:54:14.0828 2000	helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:54:15.0062 2000	helpsvc - ok
22:54:15.0062 2000	HidServ - ok
22:54:15.0156 2000	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:54:15.0281 2000	hidusb - ok
22:54:15.0343 2000	hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:54:15.0484 2000	hkmsvc - ok
22:54:15.0671 2000	hpn - ok
22:54:15.0734 2000	HSFHWICH        (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
22:54:15.0796 2000	HSFHWICH - ok
22:54:15.0890 2000	HSF_DPV         (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:54:16.0015 2000	HSF_DPV - ok
22:54:16.0078 2000	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:54:16.0125 2000	HTTP - ok
22:54:16.0281 2000	HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:54:16.0500 2000	HTTPFilter - ok
22:54:16.0531 2000	i2omgmt - ok
22:54:16.0546 2000	i2omp - ok
22:54:16.0625 2000	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:54:16.0765 2000	i8042prt - ok
22:54:16.0906 2000	ialm            (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:54:17.0109 2000	ialm - ok
22:54:17.0203 2000	IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
22:54:17.0218 2000	IBMPMDRV - ok
22:54:17.0265 2000	IBMPMSVC        (a75ce11915e4ecc5e1597d6e0f7bb2db) C:\WINDOWS\system32\ibmpmsvc.exe
22:54:17.0281 2000	IBMPMSVC - ok
22:54:17.0453 2000	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:54:17.0531 2000	idsvc - ok
22:54:17.0843 2000	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:54:18.0093 2000	Imapi - ok
22:54:18.0218 2000	ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:54:18.0343 2000	ImapiService - ok
22:54:18.0359 2000	ini910u - ok
22:54:18.0421 2000	IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:54:18.0531 2000	IntelIde - ok
22:54:18.0593 2000	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:54:18.0781 2000	intelppm - ok
22:54:18.0812 2000	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:54:18.0968 2000	Ip6Fw - ok
22:54:19.0046 2000	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:54:19.0218 2000	IpFilterDriver - ok
22:54:19.0250 2000	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:54:19.0406 2000	IpInIp - ok
22:54:19.0453 2000	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:54:19.0609 2000	IpNat - ok
22:54:19.0671 2000	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:54:19.0843 2000	IPSec - ok
22:54:19.0921 2000	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
22:54:20.0000 2000	irda - ok
22:54:20.0062 2000	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:54:20.0140 2000	IRENUM - ok
22:54:20.0265 2000	Irmon           (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
22:54:20.0343 2000	Irmon - ok
22:54:20.0406 2000	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:54:20.0593 2000	isapnp - ok
22:54:20.0812 2000	JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
22:54:20.0828 2000	JavaQuickStarterService - ok
22:54:20.0859 2000	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:54:21.0046 2000	Kbdclass - ok
22:54:21.0187 2000	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:54:21.0390 2000	kmixer - ok
22:54:21.0421 2000	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:54:21.0500 2000	KSecDD - ok
22:54:21.0625 2000	LanmanServer    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:54:21.0718 2000	LanmanServer - ok
22:54:21.0812 2000	lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:54:21.0859 2000	lanmanworkstation - ok
22:54:21.0875 2000	lbrtfdc - ok
22:54:21.0921 2000	LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:54:22.0156 2000	LmHosts - ok
22:54:22.0250 2000	massfilter      (112db6314bb175ba5f27a66e11c01d77) C:\WINDOWS\system32\DRIVERS\massfilter.sys
22:54:22.0296 2000	massfilter - ok
22:54:22.0375 2000	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:54:22.0375 2000	MBAMProtector - ok
22:54:22.0484 2000	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:54:22.0515 2000	MBAMService - ok
22:54:22.0750 2000	mdmxsdk         (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:54:22.0828 2000	mdmxsdk - ok
22:54:22.0875 2000	Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:54:23.0140 2000	Messenger - ok
22:54:23.0250 2000	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:54:23.0265 2000	Microsoft Office Groove Audit Service - ok
22:54:23.0359 2000	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:54:23.0484 2000	mnmdd - ok
22:54:23.0531 2000	mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:54:23.0656 2000	mnmsrvc - ok
22:54:23.0703 2000	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:54:23.0843 2000	Modem - ok
22:54:23.0953 2000	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:54:24.0109 2000	Mouclass - ok
22:54:24.0140 2000	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:54:24.0296 2000	mouhid - ok
22:54:24.0328 2000	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:54:24.0515 2000	MountMgr - ok
22:54:24.0531 2000	mraid35x - ok
22:54:24.0562 2000	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:54:24.0687 2000	MRxDAV - ok
22:54:24.0796 2000	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:54:24.0875 2000	MRxSmb - ok
22:54:24.0937 2000	MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:54:25.0078 2000	MSDTC - ok
22:54:25.0218 2000	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:54:25.0437 2000	Msfs - ok
22:54:25.0437 2000	MSIServer - ok
22:54:25.0531 2000	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:54:25.0671 2000	MSKSSRV - ok
22:54:25.0703 2000	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:54:25.0812 2000	MSPCLOCK - ok
22:54:25.0828 2000	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:54:25.0968 2000	MSPQM - ok
22:54:26.0015 2000	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:54:26.0140 2000	mssmbios - ok
22:54:26.0203 2000	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:54:26.0234 2000	Mup - ok
22:54:26.0296 2000	napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:54:26.0453 2000	napagent - ok
22:54:26.0546 2000	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:54:26.0734 2000	NDIS - ok
22:54:26.0828 2000	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:54:26.0890 2000	NdisTapi - ok
22:54:26.0953 2000	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:54:27.0140 2000	Ndisuio - ok
22:54:27.0234 2000	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:54:27.0437 2000	NdisWan - ok
22:54:27.0546 2000	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:54:27.0578 2000	NDProxy - ok
22:54:27.0640 2000	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:54:27.0843 2000	NetBIOS - ok
22:54:27.0937 2000	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:54:28.0062 2000	NetBT - ok
22:54:28.0109 2000	NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:54:28.0234 2000	NetDDE - ok
22:54:28.0250 2000	NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:54:28.0359 2000	NetDDEdsdm - ok
22:54:28.0437 2000	Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:28.0562 2000	Netlogon - ok
22:54:28.0687 2000	Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:54:28.0828 2000	Netman - ok
22:54:28.0968 2000	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:54:28.0984 2000	NetTcpPortSharing - ok
22:54:29.0078 2000	Netzmanager Service (450d0d2062c54dda23583a78c0eb63d9) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
22:54:29.0093 2000	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
22:54:29.0093 2000	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
22:54:29.0234 2000	Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:54:29.0250 2000	Nla - ok
22:54:29.0328 2000	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:54:29.0515 2000	Npfs - ok
22:54:29.0687 2000	NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
22:54:29.0796 2000	NSCIRDA - ok
22:54:29.0875 2000	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:54:30.0093 2000	Ntfs - ok
22:54:30.0140 2000	NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:30.0250 2000	NtLmSsp - ok
22:54:30.0359 2000	NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:54:30.0484 2000	NtmsSvc - ok
22:54:30.0546 2000	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:54:30.0671 2000	Null - ok
22:54:30.0718 2000	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:54:30.0953 2000	NwlnkFlt - ok
22:54:31.0000 2000	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:54:31.0140 2000	NwlnkFwd - ok
22:54:31.0281 2000	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:54:31.0312 2000	odserv - ok
22:54:31.0390 2000	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:54:31.0406 2000	ose - ok
22:54:31.0593 2000	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:54:31.0812 2000	Parport - ok
22:54:31.0843 2000	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:54:32.0046 2000	PartMgr - ok
22:54:32.0125 2000	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:54:32.0296 2000	ParVdm - ok
22:54:32.0312 2000	PcdrNdisuio - ok
22:54:32.0359 2000	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:54:32.0562 2000	PCI - ok
22:54:32.0578 2000	PCIDump - ok
22:54:32.0593 2000	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
22:54:32.0750 2000	PCIIde - ok
22:54:32.0796 2000	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:54:32.0906 2000	Pcmcia - ok
22:54:32.0921 2000	PDCOMP - ok
22:54:32.0937 2000	PDFRAME - ok
22:54:32.0953 2000	PDRELI - ok
22:54:32.0968 2000	PDRFRAME - ok
22:54:32.0984 2000	perc2 - ok
22:54:33.0000 2000	perc2hib - ok
22:54:33.0062 2000	PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:54:33.0078 2000	PlugPlay - ok
22:54:33.0109 2000	PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:33.0218 2000	PolicyAgent - ok
22:54:33.0250 2000	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:54:33.0359 2000	PptpMiniport - ok
22:54:33.0375 2000	ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:33.0500 2000	ProtectedStorage - ok
22:54:33.0515 2000	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:54:33.0718 2000	PSched - ok
22:54:33.0906 2000	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:54:34.0046 2000	Ptilink - ok
22:54:34.0078 2000	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:54:34.0093 2000	PxHelp20 - ok
22:54:34.0109 2000	ql1080 - ok
22:54:34.0125 2000	Ql10wnt - ok
22:54:34.0140 2000	ql12160 - ok
22:54:34.0156 2000	ql1240 - ok
22:54:34.0187 2000	ql1280 - ok
22:54:34.0203 2000	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:54:34.0375 2000	RasAcd - ok
22:54:34.0390 2000	RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:54:34.0562 2000	RasAuto - ok
22:54:34.0609 2000	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:54:34.0656 2000	Rasirda - ok
22:54:34.0703 2000	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:54:34.0812 2000	Rasl2tp - ok
22:54:34.0875 2000	RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:54:35.0000 2000	RasMan - ok
22:54:35.0015 2000	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:54:35.0125 2000	RasPppoe - ok
22:54:35.0140 2000	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:54:35.0265 2000	Raspti - ok
22:54:35.0296 2000	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:54:35.0437 2000	Rdbss - ok
22:54:35.0453 2000	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:54:35.0593 2000	RDPCDD - ok
22:54:35.0640 2000	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:54:35.0765 2000	rdpdr - ok
22:54:35.0921 2000	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:54:36.0000 2000	RDPWD - ok
22:54:36.0062 2000	RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:54:36.0203 2000	RDSessMgr - ok
22:54:36.0343 2000	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:54:36.0578 2000	redbook - ok
22:54:36.0718 2000	RegSrvc         (7c4391419852dfc331f6af620c33af3c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:54:36.0734 2000	RegSrvc - ok
22:54:36.0953 2000	RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:54:37.0093 2000	RemoteAccess - ok
22:54:37.0156 2000	RemoteRegistry  (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:54:37.0390 2000	RemoteRegistry - ok
22:54:37.0468 2000	RFCOMM          (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
22:54:37.0562 2000	RFCOMM - ok
22:54:37.0625 2000	RpcLocator      (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:54:37.0750 2000	RpcLocator - ok
22:54:37.0812 2000	RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:54:37.0875 2000	RpcSs - ok
22:54:37.0921 2000	RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:54:38.0078 2000	RSVP - ok
22:54:38.0265 2000	S24EventMonitor (55ccc8ced5778556f6b516b3858ac970) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
22:54:38.0375 2000	S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
22:54:38.0375 2000	S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
22:54:38.0531 2000	s24trans        (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:54:38.0640 2000	s24trans - ok
22:54:38.0703 2000	SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:54:38.0937 2000	SamSs - ok
22:54:39.0000 2000	SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:54:39.0125 2000	SCardSvr - ok
22:54:39.0187 2000	Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:54:39.0312 2000	Schedule - ok
22:54:39.0359 2000	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:54:39.0406 2000	Secdrv - ok
22:54:39.0437 2000	seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:54:39.0546 2000	seclogon - ok
22:54:39.0578 2000	SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:54:39.0765 2000	SENS - ok
22:54:39.0796 2000	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:54:39.0906 2000	serenum - ok
22:54:40.0046 2000	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:54:40.0171 2000	Serial - ok
22:54:40.0203 2000	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:54:40.0343 2000	Sfloppy - ok
22:54:40.0421 2000	SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:54:40.0656 2000	SharedAccess - ok
22:54:40.0718 2000	ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:40.0750 2000	ShellHWDetection - ok
22:54:40.0765 2000	Simbad - ok
22:54:40.0843 2000	smwdm           (b09f23bf6e451b7a492b4a3d5eacfb24) C:\WINDOWS\system32\drivers\smwdm.sys
22:54:40.0875 2000	smwdm - ok
22:54:40.0921 2000	SNMP            (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
22:54:41.0109 2000	SNMP - ok
22:54:41.0171 2000	SNMPTRAP        (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
22:54:41.0375 2000	SNMPTRAP - ok
22:54:41.0437 2000	SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
22:54:41.0453 2000	SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
22:54:41.0453 2000	SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
22:54:41.0578 2000	Sparrow - ok
22:54:41.0656 2000	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:54:41.0875 2000	splitter - ok
22:54:41.0937 2000	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:54:41.0984 2000	Spooler - ok
22:54:42.0046 2000	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:54:42.0156 2000	sr - ok
22:54:42.0203 2000	srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:54:42.0312 2000	srservice - ok
22:54:42.0375 2000	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:54:42.0468 2000	Srv - ok
22:54:42.0515 2000	SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:54:42.0640 2000	SSDPSRV - ok
22:54:42.0843 2000	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:54:42.0859 2000	ssmdrv - ok
22:54:42.0906 2000	stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:54:43.0187 2000	stisvc - ok
22:54:43.0250 2000	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:54:43.0375 2000	swenum - ok
22:54:43.0437 2000	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:54:43.0562 2000	swmidi - ok
22:54:43.0578 2000	SwPrv - ok
22:54:43.0640 2000	symc810 - ok
22:54:43.0656 2000	symc8xx - ok
22:54:43.0671 2000	sym_hi - ok
22:54:43.0687 2000	sym_u3 - ok
22:54:43.0750 2000	SynTP           (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:54:43.0796 2000	SynTP - ok
22:54:43.0843 2000	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:54:44.0015 2000	sysaudio - ok
22:54:44.0062 2000	SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:54:44.0234 2000	SysmonLog - ok
22:54:44.0375 2000	TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:54:44.0562 2000	TapiSrv - ok
22:54:44.0671 2000	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:54:44.0703 2000	Tcpip - ok
22:54:44.0828 2000	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:54:45.0093 2000	TDPIPE - ok
22:54:45.0125 2000	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:54:45.0234 2000	TDTCP - ok
22:54:45.0281 2000	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:54:45.0390 2000	TermDD - ok
22:54:45.0437 2000	TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:54:45.0546 2000	TermService - ok
22:54:45.0625 2000	Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:54:45.0640 2000	Themes - ok
22:54:45.0812 2000	TlntSvr         (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:54:45.0906 2000	TlntSvr - ok
22:54:45.0921 2000	TosIde - ok
22:54:45.0968 2000	TPM             (317b746b6069a10d635fdbdf48723845) C:\WINDOWS\system32\DRIVERS\tpm.sys
22:54:46.0015 2000	TPM - ok
22:54:46.0109 2000	TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:54:46.0265 2000	TrkWks - ok
22:54:46.0312 2000	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:54:46.0546 2000	Udfs - ok
22:54:46.0562 2000	ultra - ok
22:54:46.0656 2000	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:54:46.0765 2000	Update - ok
22:54:46.0875 2000	upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:54:46.0953 2000	upnphost - ok
22:54:47.0000 2000	UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:54:47.0109 2000	UPS - ok
22:54:47.0171 2000	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:54:47.0328 2000	usbccgp - ok
22:54:47.0390 2000	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:54:47.0546 2000	usbehci - ok
22:54:47.0734 2000	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:54:47.0968 2000	usbhub - ok
22:54:48.0125 2000	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:54:48.0343 2000	usbscan - ok
22:54:48.0453 2000	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:54:48.0593 2000	USBSTOR - ok
22:54:48.0593 2000	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:54:48.0703 2000	usbuhci - ok
22:54:48.0750 2000	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:54:48.0859 2000	VgaSave - ok
22:54:48.0875 2000	ViaIde - ok
22:54:48.0921 2000	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:54:49.0046 2000	VolSnap - ok
22:54:49.0109 2000	VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:54:49.0187 2000	VSS - ok
22:54:49.0390 2000	w29n51          (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:54:49.0593 2000	w29n51 - ok
22:54:49.0828 2000	W32Time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:54:50.0015 2000	W32Time - ok
22:54:50.0078 2000	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:54:50.0187 2000	Wanarp - ok
22:54:50.0203 2000	WDICA - ok
22:54:50.0281 2000	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:54:50.0390 2000	wdmaud - ok
22:54:50.0406 2000	WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:54:50.0531 2000	WebClient - ok
22:54:50.0640 2000	winachsf        (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:54:50.0671 2000	winachsf - ok
22:54:50.0921 2000	winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:54:51.0046 2000	winmgmt - ok
22:54:51.0109 2000	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:54:51.0156 2000	WmdmPmSN - ok
22:54:51.0250 2000	Wmi             (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:54:51.0343 2000	Wmi - ok
22:54:51.0406 2000	WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:54:51.0609 2000	WmiApSrv - ok
22:54:51.0859 2000	WMPNetworkSvc   (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:54:51.0968 2000	WMPNetworkSvc - ok
22:54:52.0125 2000	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:54:52.0156 2000	WpdUsb - ok
22:54:52.0203 2000	wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:54:52.0437 2000	wscsvc - ok
22:54:52.0484 2000	wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:54:52.0609 2000	wuauserv - ok
22:54:52.0671 2000	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:54:52.0703 2000	WudfPf - ok
22:54:52.0750 2000	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:54:52.0781 2000	WudfRd - ok
22:54:52.0812 2000	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:54:52.0843 2000	WudfSvc - ok
22:54:52.0890 2000	WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:54:53.0140 2000	WZCSVC - ok
22:54:53.0296 2000	xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:54:53.0468 2000	xmlprov - ok
22:54:53.0640 2000	ZTEusbmdm6k     (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
22:54:53.0796 2000	ZTEusbmdm6k - ok
22:54:53.0843 2000	ZTEusbnet       (d788e7d89cc491644d7a45b227f9b25e) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
22:54:53.0875 2000	ZTEusbnet - ok
22:54:53.0906 2000	ZTEusbnmea      (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
22:54:53.0937 2000	ZTEusbnmea - ok
22:54:53.0968 2000	ZTEusbser6k     (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
22:54:53.0984 2000	ZTEusbser6k - ok
22:54:54.0015 2000	ZTEusbvoice     (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
22:54:54.0046 2000	ZTEusbvoice - ok
22:54:54.0093 2000	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:54:54.0328 2000	\Device\Harddisk0\DR0 - ok
22:54:54.0343 2000	Boot (0x1200)   (c6408866e36171154b36f9dff9dd5f7f) \Device\Harddisk0\DR0\Partition0
22:54:54.0343 2000	\Device\Harddisk0\DR0\Partition0 - ok
22:54:54.0343 2000	============================================================
22:54:54.0343 2000	Scan finished
22:54:54.0343 2000	============================================================
22:54:54.0484 3256	Detected object count: 3
22:54:54.0484 3256	Actual detected object count: 3
22:55:19.0875 3256	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:19.0875 3256	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:19.0875 3256	S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:19.0875 3256	S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:19.0875 3256	SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
22:55:19.0875 3256	SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip

ach ja bin nun im normalen modus online geblieben, wenn ich wieder im save-mode wechseln soll um weitere suchläufe oder dateilöschungen durchzuführen, dann bitte melden. danke

cosinus · 30.03.2012, 08:45

Den Safemode brauchen wir wohl erstmal nicht mehr
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

jonastamtam · 30.03.2012, 09:13

soo, guten morgen erstmal

hab combofix ausgeführt wie beschrieben, gab keine fehlermeldungen, musste allerdings das microsoft-wiederherstellungszeitpunkt-tool runterladen, bzw combofix hat das dann gemacht, danach lief alles reibungslos, boot war normal.
hier das log-file:

Code:

ATTFilter

ComboFix 12-03-30.02 - Helga 30.03.2012   9:56.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.2038.1527 [GMT 2:00]
ausgeführt von:: c:\documents and settings\Helga\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Helga\Application Data\PriceGong
c:\documents and settings\Helga\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Helga\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Helga\Local Settings\Application Data\Skype\SkypePM.exe
c:\program files\FreeYouTubeDownload3019.exe
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-30  ))))))))))))))))))))))))))))))
.
.
2012-03-29 19:47 . 2012-03-29 19:47	--------	d-----w-	C:\_OTL
2012-03-29 07:47 . 2012-03-29 07:47	--------	d-----w-	c:\documents and settings\Helga\Application Data\Malwarebytes
2012-03-28 15:16 . 2012-03-28 15:16	--------	d-----w-	c:\program files\ESET
2012-03-27 20:43 . 2012-03-27 20:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-27 20:43 . 2012-03-27 20:43	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-27 20:43 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-27 20:24 . 2012-03-29 07:39	--------	d-----w-	c:\documents and settings\Helga\Local Settings\Application Data\Skype
2012-03-27 20:21 . 2012-03-27 20:21	--------	d-----w-	c:\program files\SFT_de3
2012-03-27 19:33 . 2012-03-28 05:57	--------	d-----w-	c:\documents and settings\Administrator
2012-03-22 19:12 . 2012-03-22 19:12	4435968	----a-w-	c:\windows\system32\GPhotos.scr
2012-03-18 13:06 . 2012-03-18 13:06	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 13:06 . 2012-03-18 13:06	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 11:51 . 2012-03-14 11:51	--------	d-sh--w-	c:\documents and settings\Default User\IETldCache
2012-03-02 20:22 . 2008-04-13 23:16	37888	-c--a-w-	c:\windows\system32\dllcache\bthmodem.sys
2012-03-02 20:22 . 2008-04-13 23:16	37888	----a-w-	c:\windows\system32\drivers\bthmodem.sys
2012-03-02 20:17 . 2008-04-13 23:21	101120	-c--a-w-	c:\windows\system32\dllcache\bthpan.sys
2012-03-02 20:17 . 2008-04-13 23:21	101120	----a-w-	c:\windows\system32\drivers\bthpan.sys
2012-03-02 20:17 . 2008-04-13 23:16	59136	-c--a-w-	c:\windows\system32\dllcache\rfcomm.sys
2012-03-02 20:17 . 2008-04-13 23:16	59136	----a-w-	c:\windows\system32\drivers\rfcomm.sys
2012-03-02 20:17 . 2008-04-13 23:16	17024	-c--a-w-	c:\windows\system32\dllcache\bthenum.sys
2012-03-02 20:17 . 2008-04-13 23:16	17024	----a-w-	c:\windows\system32\drivers\BthEnum.sys
2012-03-02 20:15 . 2008-04-13 23:16	18944	-c--a-w-	c:\windows\system32\dllcache\bthusb.sys
2012-03-02 20:15 . 2008-04-13 23:16	18944	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 08:36 . 2011-10-24 18:45	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:22 . 2008-04-14 07:00	1860096	----a-w-	c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 10:04	3072	------w-	c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-05-13 15:02	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-18 13:06 . 2011-12-31 16:30	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Helga^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\documents and settings\Helga\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42	110592	----a-w-	c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-09-15 07:50	77824	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-09-15 07:54	118784	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-09-15 07:53	94208	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-08-06 05:27	860160	----a-w-	c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 07:11	1388544	----a-w-	c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-06-24 12:33	561152	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-06-24 12:34	126976	----a-w-	c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
2008-04-14 07:00	3072	----a-w-	c:\windows\system32\systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24.10.2011 20:45 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [24.10.2011 20:45 86224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.03.2012 22:43 652360]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 16:40 9728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.03.2012 22:43 20464]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13.05.2010 19:28 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13.05.2010 19:28 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [28.12.2010 21:42 9728]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [28.12.2010 21:42 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [28.12.2010 21:42 105088]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:28]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 17:28]
.
2012-03-30 c:\windows\Tasks\User_Feed_Synchronization-{3398558F-9866-4456-8AF5-1436ACB4B580}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&ss=1&affID=100365&mntrId=fc05ff450000000000000010c6e38716
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\documents and settings\Helga\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Helga\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Helga\Application Data\Mozilla\Firefox\Profiles\ssmzqt09.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-SkypePM - c:\documents and settings\Helga\Local Settings\Application Data\Skype\SkypePM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-30 10:05
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~2\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-30  10:10:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-30 08:10
.
Vor Suchlauf: 41.691.111.424 bytes free
Nach Suchlauf: 41.627.451.392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
.
- - End Of File - - AE31D53A672BDEF9C70EB8ED88C40F16

ne frage, wobei handelt es sich denn bei diesem price-gong was da gelöscht wurde ? weil mir das absolut nichts sagt..

28.03.2012, 20:29	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anzeige des Befalls und Zahlung von 50 Euro für Lösung /VIRUS oder TROJANER ? Geht der normale Modus inzwischen wieder? __________________ Logfiles bitte immer in CODE-Tags posten

29.03.2012, 19:33	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Anzeige des Befalls und Zahlung von 50 Euro für Lösung /VIRUS oder TROJANER ? Der normale Modus geht aber schon noch vernünftig? Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Anzeige des Befalls und Zahlung von 50 Euro für Lösung /VIRUS oder TROJANER ?

Plagegeister aller Art und deren Bekämpfung: Anzeige des Befalls und Zahlung von 50 Euro für Lösung /VIRUS oder TROJANER ?